CVEs from 2019
Total
3,310
critical
critical 173
high
high 509
medium
medium 470
low
low 94
% Critical
5.2%
% with KEV
3.6%
% with exploit
4.4%
Top products
- u-boot 20
- active_iq_unified_manager 7
- jdk 5
- weblogic_server 5
- oncommand_workflow_automation 5
- oncommand_insight 4
- codeready_linux_builder_eus 4
- libxslt 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-13272 | high | — | 10.0 | 5y ago | Kernel/ptrace.c in Linux kernel mishandles contains an improper privilege management vulnerability that allows local users to obtain root access. | |||
| CVE-2019-5786 | high | — | 10.0 | 6y ago | Google Chrome Blink contains a heap use-after-free vulnerability that allows an attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||
| CVE-2019-0211 | high | — | 9.5 | 5y ago | Apache HTTP Server, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute c… | |||
| CVE-2019-17026 | high | — | 9.5 | 5y ago | Mozilla Firefox and Thunderbird contain a type confusion vulnerability due to incorrect alias information in the IonMonkey JIT compiler when setting array elements. | |||
| CVE-2019-8943 | high | — | 9.0 | — | WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two … | |||
| CVE-2019-9213 | high | — | 9.0 | 7y ago | RHSA-2019:1480: kernel-rt security and bug fix update (Important) | |||
| CVE-2019-5736 | high | — | 9.0 | 7y ago | RHSA-2019:0975: container-tools:rhel8 security and bug fix update (Important) | |||
| CVE-2019-13721 | high | 8.8 | 8.8 | 7y ago | Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2019-25650 | high | 8.4 | 8.4 | 2mo ago | River Past CamDo 3.7.6 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_en… | |||
| CVE-2019-25651 | high | 8.3 | 8.3 | 2mo ago | Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 u… | |||
| CVE-2019-25642 | high | 8.2 | 8.2 | 2mo ago | Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can… | |||
| CVE-2019-25640 | high | 8.2 | 8.2 | 2mo ago | Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code usi… | |||
| CVE-2019-6820 | high | 8.2 | 8.2 | 7y ago | A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a speci… | |||
| CVE-2019-5847 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5790 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-0190 | high | — | 8.0 | — | multiple issues in apache | |||
| CVE-2019-13700 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-25016 | high | — | 8.0 | — | In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed t… | |||
| CVE-2019-5791 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-19977 | high | — | 8.0 | — | libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read. | |||
| CVE-2019-13717 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5787 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-18222 | high | — | 8.0 | — | The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to reco… | |||
| CVE-2019-13701 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-13695 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-6472 | high | — | 8.0 | — | A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2. | |||
| CVE-2019-5868 | high | — | 8.0 | — | arbitrary code execution in chromium | |||
| CVE-2019-5792 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5435 | high | — | 8.0 | — | An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. | |||
| CVE-2019-13693 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-13699 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-1353 | high | — | 8.0 | — | An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known… | |||
| CVE-2019-5849 | high | — | 8.0 | — | Out of bounds read in Skia in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||
| CVE-2019-2201 | high | — | 8.0 | — | In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged proces… | |||
| CVE-2019-6473 | high | — | 8.0 | — | An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0… | |||
| CVE-2019-0053 | high | — | 8.0 | — | Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS… | |||
| CVE-2019-5853 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-6474 | high | — | 8.0 | — | A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leas… | |||
| CVE-2019-13702 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-13706 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-8907 | high | — | 8.0 | — | do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. | |||
| CVE-2019-13705 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5862 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5857 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5858 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5795 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5842 | high | — | 8.0 | — | arbitrary code execution in chromium | |||
| CVE-2019-5800 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5793 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5852 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5861 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5799 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5850 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5855 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5856 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5788 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-19604 | high | — | 8.0 | — | Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can… | |||
| CVE-2019-3871 | high | — | 8.0 | — | A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the … | |||
| CVE-2019-11737 | high | — | 8.0 | — | If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly … | |||
| CVE-2019-18182 | high | — | 8.0 | — | arbitrary command execution in pacman | |||
| CVE-2019-5789 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5860 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5851 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5859 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-13711 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-13719 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-11461 | high | — | 8.0 | — | An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI … | |||
| CVE-2019-9848 | high | — | 8.0 | — | LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLo… | |||
| CVE-2019-13714 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-18183 | high | — | 8.0 | — | arbitrary command execution in pacman | |||
| CVE-2019-13696 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-13708 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5867 | high | — | 8.0 | — | arbitrary code execution in chromium | |||
| CVE-2019-5848 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-8376 | high | — | 8.0 | — | An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay… | |||
| CVE-2019-14318 | high | — | 8.0 | — | Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing opera… | |||
| CVE-2019-8905 | high | — | 8.0 | — | do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. | |||
| CVE-2019-5802 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-8904 | high | — | 8.0 | — | do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. | |||
| CVE-2019-1354 | high | — | 8.0 | — | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-201… | |||
| CVE-2019-8343 | high | — | 8.0 | — | In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c. | |||
| CVE-2019-8377 | high | — | 8.0 | — | An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcprep… | |||
| CVE-2019-8381 | high | — | 8.0 | — | An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an… | |||
| CVE-2019-6956 | high | — | 8.0 | — | An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c. | |||
| CVE-2019-1351 | high | — | 8.0 | — | A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'. | |||
| CVE-2019-13718 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-15717 | high | — | 8.0 | — | Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP. | |||
| CVE-2019-8337 | high | — | 8.0 | — | In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its default configuration, certificate-verification results are not properly checked. | |||
| CVE-2019-19882 | high | — | 8.0 | — | shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affe… | |||
| CVE-2019-6133 | high | — | 8.0 | — | In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to la… | |||
| CVE-2019-5854 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5864 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-12881 | high | — | 8.0 | — | i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on Ubuntu 18.04.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) o… | |||
| CVE-2019-13697 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-13707 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-13703 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5796 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-5794 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-13716 | high | — | 8.0 | — | multiple issues in chromium | |||
| CVE-2019-13715 | high | — | 8.0 | — | multiple issues in chromium |