CVEs from 2019
Total
4,015
critical
critical 232
high
high 332
medium
medium 301
low
low 72
% Critical
5.8%
% with KEV
2.9%
% with exploit
3.0%
Top products
- u-boot 20
- nsauditor 1
- crypto 1
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2019-11707 | critical | — | 10.0 | 4y ago | Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash. | |
| CVE-2019-13720 | critical | — | 10.0 | 4y ago | arbitrary code execution in chromium | |
| CVE-2019-11043 | critical | — | 10.0 | 4y ago | Critical: php:7.2 security update | |
| CVE-2019-16928 | critical | — | 10.0 | 4y ago | Exim contains an out-of-bounds write vulnerability which can allow for remote code execution. | |
| CVE-2019-10149 | critical | — | 10.0 | 4y ago | Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution. | |
| CVE-2019-17026 | critical | — | 10.0 | 5y ago | Mozilla Firefox and Thunderbird contain a type confusion vulnerability due to incorrect alias information in the IonMonkey JIT compiler when setting array elements. | |
| CVE-2019-0211 | critical | — | 10.0 | 5y ago | Apache HTTP Server, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute c… | |
| CVE-2019-14204 | critical | 9.8 | 9.8 | 7y ago | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply. | |
| CVE-2019-14203 | critical | 9.8 | 9.8 | 7y ago | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply. | |
| CVE-2019-14202 | critical | 9.8 | 9.8 | 7y ago | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply. | |
| CVE-2019-14201 | critical | 9.8 | 9.8 | 7y ago | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply. | |
| CVE-2019-14200 | critical | 9.8 | 9.8 | 7y ago | An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply. | |
| CVE-2019-14199 | critical | 9.8 | 9.8 | 7y ago | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call. | |
| CVE-2019-14198 | critical | 9.8 | 9.8 | 7y ago | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case. | |
| CVE-2019-14196 | critical | 9.8 | 9.8 | 7y ago | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply. | |
| CVE-2019-14195 | critical | 9.8 | 9.8 | 7y ago | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the "else" block after calculating the new path length. | |
| CVE-2019-14194 | critical | 9.8 | 9.8 | 7y ago | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case. | |
| CVE-2019-14193 | critical | 9.8 | 9.8 | 7y ago | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length. | |
| CVE-2019-14192 | critical | 9.8 | 9.8 | 7y ago | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call. | |
| CVE-2019-5838 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2019-11710 | critical | — | 9.5 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of… | |
| CVE-2019-13728 | critical | — | 9.5 | — | Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2019-17016 | critical | — | 9.5 | — | When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites re… | |
| CVE-2019-17017 | critical | — | 9.5 | — | Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. Thi… | |
| CVE-2019-11762 | critical | — | 9.5 | — | If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulner… | |
| CVE-2019-11760 | critical | — | 9.5 | — | A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 70, Thunderb… | |
| CVE-2019-3859 | critical | — | 9.5 | — | An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to … | |
| CVE-2019-3836 | critical | — | 9.5 | — | It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. | |
| CVE-2019-0215 | critical | — | 9.5 | — | multiple issues in apache | |
| CVE-2019-11745 | critical | — | 9.5 | — | When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and… | |
| CVE-2019-11500 | critical | — | 9.5 | — | In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead … | |
| CVE-2019-9816 | critical | — | 9.5 | — | A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vu… | |
| CVE-2019-5828 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2019-13763 | critical | — | 9.5 | — | Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. | |
| CVE-2019-13767 | critical | — | 9.5 | — | Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2019-13761 | critical | — | 9.5 | — | Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |
| CVE-2019-19923 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2019-5839 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2019-9817 | critical | — | 9.5 | — | Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerabi… | |
| CVE-2019-3861 | critical | — | 9.5 | — | An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH… | |
| CVE-2019-9788 | critical | — | 9.5 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we pres… | |
| CVE-2019-9795 | critical | — | 9.5 | — | A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affe… | |
| CVE-2019-17024 | critical | — | 9.5 | — | Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these… | |
| CVE-2019-11713 | critical | — | 9.5 | — | A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.… | |
| CVE-2019-11696 | critical | — | 9.5 | — | Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local sys… | |
| CVE-2019-11691 | critical | — | 9.5 | — | A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially explo… | |
| CVE-2019-9790 | critical | — | 9.5 | — | A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially e… | |
| CVE-2019-5833 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2019-13748 | critical | — | 9.5 | — | Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML p… | |
| CVE-2019-5832 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2019-17005 | critical | — | 9.5 | — | The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a poten… | |
| CVE-2019-8942 | critical | — | 9.5 | — | WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php su… | |
| CVE-2019-17666 | critical | — | 9.5 | — | rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. | |
| CVE-2019-18511 | critical | — | 9.5 | — | multiple issues in thunderbird | |
| CVE-2019-3813 | critical | — | 9.5 | — | Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-executi… | |
| CVE-2019-5829 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2019-9821 | critical | — | 9.5 | — | A use-after-free vulnerability can occur in AssertWorkerThread due to a race condition with shared workers. This results in a potentially exploitable crash. This vulnerability affects Firefox < 67. | |
| CVE-2019-17000 | critical | — | 9.5 | — | An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly allowed data: URI… | |
| CVE-2019-9820 | critical | — | 9.5 | — | A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.… | |
| CVE-2019-5840 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2019-11717 | critical | — | 9.5 | — | A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vuln… | |
| CVE-2019-13721 | critical | — | 9.5 | — | arbitrary code execution in chromium | |
| CVE-2019-5831 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2019-5835 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2019-17010 | critical | — | 9.5 | — | Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash.… | |
| CVE-2019-9792 | critical | — | 9.5 | — | The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory c… | |
| CVE-2019-13734 | critical | — | 9.5 | — | Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2019-11715 | critical | — | 9.5 | — | Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability aff… | |
| CVE-2019-3829 | critical | — | 9.5 | — | A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifi… | |
| CVE-2019-5837 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2019-11759 | critical | — | 9.5 | — | An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a c… | |
| CVE-2019-17008 | critical | — | 9.5 | — | When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3,… | |
| CVE-2019-11695 | critical | — | 9.5 | — | A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. This could be … | |
| CVE-2019-5823 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2019-19925 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2019-5762 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2019-5821 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2019-9814 | critical | — | 9.5 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of… | |
| CVE-2019-11761 | critical | — | 9.5 | — | By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it … | |
| CVE-2019-11724 | critical | — | 9.5 | — | Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnece… | |
| CVE-2019-13736 | critical | — | 9.5 | — | Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |
| CVE-2019-13755 | critical | — | 9.5 | — | Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page. | |
| CVE-2019-9805 | critical | — | 9.5 | — | A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions, leading to potential memory corruption. This vulnerability affects Firefox < 66. | |
| CVE-2019-9807 | critical | — | 9.5 | — | When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for soc… | |
| CVE-2019-17001 | critical | — | 9.5 | — | A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-… | |
| CVE-2019-13756 | critical | — | 9.5 | — | Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |
| CVE-2019-17022 | critical | — | 9.5 | — | When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text … | |
| CVE-2019-9803 | critical | — | 9.5 | — | The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrec… | |
| CVE-2019-9813 | critical | — | 9.5 | — | Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firef… | |
| CVE-2019-5811 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2019-13745 | critical | — | 9.5 | — | Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |
| CVE-2019-3860 | critical | — | 9.5 | — | An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial … | |
| CVE-2019-9819 | critical | — | 9.5 | — | A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefo… | |
| CVE-2019-17002 | critical | — | 9.5 | — | If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https. This vulnerability affects Firefox < … | |
| CVE-2019-5822 | critical | — | 9.5 | — | multiple issues in chromium | |
| CVE-2019-13749 | critical | — | 9.5 | — | Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |
| CVE-2019-17009 | critical | — | 9.5 | — | When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the up… | |
| CVE-2019-9793 | critical | — | 9.5 | — | A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create… | |
| CVE-2019-3856 | critical | — | 9.5 | — | An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH se… | |
| CVE-2019-9808 | critical | — | 9.5 | — | If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the… |