VIR Vulnerability Intelligence Relay

CVEs from 2019

4,015 normalized CVEs published or assigned in this year.

Total
4,015
critical
critical 232
high
high 332
medium
medium 301
low
low 72
% Critical
5.8%
% with KEV
2.9%
% with exploit
3.0%

Top vendors

Top products

  • u-boot 20
  • nsauditor 1
  • crypto 1

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2019-11708 high 9.5 4y ago Mozilla Firefox and Thunderbird contain a sandbox escape vulnerability that could result in remote code execution. archdebian
CVE-2019-5786 high 9.5 6y ago arbitrary code execution in chromium archdebiannpm
CVE-2019-25650 high 8.4 8.4 2mo ago River Past CamDo 3.7.6 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_en…
CVE-2019-25651 high 8.3 8.3 2mo ago Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 u…
CVE-2019-25642 high 8.2 8.2 2mo ago Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can…
CVE-2019-25640 high 8.2 8.2 2mo ago Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code usi…
CVE-2019-5790 high 8.0 multiple issues in chromium archdebian
CVE-2019-3823 high 8.0 libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL termi… archsusedebian
CVE-2019-15717 high 8.0 Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP. archdebian
CVE-2019-9848 high 8.0 LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLo… archsusedebian
CVE-2019-5788 high 8.0 multiple issues in chromium archdebian
CVE-2019-16866 high 8.0 Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule. archdebian
CVE-2019-1000020 high 8.0 libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660… archsusedebian
CVE-2019-14868 high 8.0 In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell comman… archsusedebian
CVE-2019-13709 high 8.0 multiple issues in chromium archdebian
CVE-2019-5787 high 8.0 multiple issues in chromium archdebian
CVE-2019-0117 high 8.0 multiple issues in intel-ucode arch
CVE-2019-11683 high 8.0 udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have un… archsusedebian
CVE-2019-18182 high 8.0 arbitrary command execution in pacman arch
CVE-2019-18183 high 8.0 arbitrary command execution in pacman arch
CVE-2019-13711 high 8.0 multiple issues in chromium archdebian
CVE-2019-13714 high 8.0 multiple issues in chromium archdebian
CVE-2019-11461 high 8.0 An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI … archsusedebian
CVE-2019-1387 high 8.0 An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that… archdebian
CVE-2019-13699 high 8.0 multiple issues in chromium archdebian
CVE-2019-13717 high 8.0 multiple issues in chromium archdebian
CVE-2019-13695 high 8.0 multiple issues in chromium archdebian
CVE-2019-13693 high 8.0 multiple issues in chromium archdebian
CVE-2019-11703 high 8.0 A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnera… archsusedebian
CVE-2019-10193 high 8.0 A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRA… rockylinuxdebian
CVE-2019-0053 high 8.0 Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS… archdebian
CVE-2019-8337 high 8.0 In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its default configuration, certificate-verification results are not properly checked. archdebian
CVE-2019-12749 high 8.0 dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofi… archsusedebian
CVE-2019-14813 high 8.0 A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A… archsusedebian
CVE-2019-19604 high 8.0 Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can… archdebian
CVE-2019-8377 high 8.0 An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcprep… archdebian
CVE-2019-0190 high 8.0 multiple issues in apache debianarch
CVE-2019-14318 high 8.0 Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing opera… archdebian
CVE-2019-8376 high 8.0 An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay… archdebian
CVE-2019-11737 high 8.0 If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly … archdebian
CVE-2019-13697 high 8.0 multiple issues in chromium archdebian
CVE-2019-5489 high 8.0 The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allow… archsusedebian
CVE-2019-8943 high 8.0 WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two … archdebian
CVE-2019-6473 high 8.0 An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0… archdebian
CVE-2019-13718 high 8.0 multiple issues in chromium archdebian
CVE-2019-5853 high 8.0 multiple issues in chromium archdebian
CVE-2019-1352 high 8.0 A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-201… archdebian
CVE-2019-1349 high 8.0 A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-201… archdebian
CVE-2019-13701 high 8.0 multiple issues in chromium archdebian
CVE-2019-5795 high 8.0 multiple issues in chromium archdebian
CVE-2019-5860 high 8.0 multiple issues in chromium archdebian
CVE-2019-5850 high 8.0 multiple issues in chromium archdebian
CVE-2019-5800 high 8.0 multiple issues in chromium archdebian
CVE-2019-5798 high 8.0 multiple issues in chromium archdebian
CVE-2019-5793 high 8.0 multiple issues in chromium archdebian
CVE-2019-5802 high 8.0 multiple issues in chromium archdebian
CVE-2019-5799 high 8.0 multiple issues in chromium archdebian
CVE-2019-5789 high 8.0 multiple issues in chromium archdebian
CVE-2019-8381 high 8.0 An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an… archdebian
CVE-2019-20503 high 8.0 multiple issues in chromium archdebiansuse
CVE-2019-13719 high 8.0 multiple issues in chromium archdebian
CVE-2019-10192 high 8.0 A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using … rockylinuxdebian
CVE-2019-13707 high 8.0 multiple issues in chromium archdebian
CVE-2019-13694 high 8.0 multiple issues in chromium archdebian
CVE-2019-9849 high 8.0 LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who w… archsusedebian
CVE-2019-15903 high 8.0 multiple issues in chromium archdebiansuserockylinux
CVE-2019-25016 high 8.0 In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed t… archdebian
CVE-2019-13703 high 8.0 multiple issues in chromium archdebian
CVE-2019-5796 high 8.0 multiple issues in chromium archdebian
CVE-2019-5842 high 8.0 arbitrary code execution in chromium archdebian
CVE-2019-18222 high 8.0 The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to reco… archdebian
CVE-2019-5794 high 8.0 multiple issues in chromium archdebian
CVE-2019-13716 high 8.0 multiple issues in chromium archdebian
CVE-2019-1348 high 8.0 An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also vi… archsusedebian
CVE-2019-13715 high 8.0 multiple issues in chromium archdebian
CVE-2019-5865 high 8.0 multiple issues in chromium archdebian
CVE-2019-13713 high 8.0 multiple issues in chromium archdebian
CVE-2019-6474 high 8.0 A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leas… archdebian
CVE-2019-13710 high 8.0 multiple issues in chromium archdebian
CVE-2019-19882 high 8.0 shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affe… archdebian
CVE-2019-13704 high 8.0 multiple issues in chromium archdebian
CVE-2019-1351 high 8.0 A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'. archdebian
CVE-2019-1350 high 8.0 A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-201… archdebian
CVE-2019-12881 high 8.0 i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on Ubuntu 18.04.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) o… archsusedebian
CVE-2019-5862 high 8.0 multiple issues in chromium archdebian
CVE-2019-5864 high 8.0 multiple issues in chromium archdebian
CVE-2019-5858 high 8.0 multiple issues in chromium archdebian
CVE-2019-5848 high 8.0 multiple issues in chromium archdebian
CVE-2019-5857 high 8.0 multiple issues in chromium archdebian
CVE-2019-5803 high 8.0 multiple issues in chromium archdebian
CVE-2019-5861 high 8.0 multiple issues in chromium archdebian
CVE-2019-13706 high 8.0 multiple issues in chromium archdebian
CVE-2019-5859 high 8.0 multiple issues in chromium archdebian
CVE-2019-11478 high 8.0 Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences… archsusedebian
CVE-2019-5854 high 8.0 multiple issues in chromium archdebian
CVE-2019-13705 high 8.0 multiple issues in chromium archdebian
CVE-2019-5852 high 8.0 multiple issues in chromium archdebian
CVE-2019-6956 high 8.0 An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. It is a buffer over-read in ps_mix_phase in libfaad/ps_dec.c. archdebian
CVE-2019-5851 high 8.0 multiple issues in chromium archdebian
CVE-2019-5435 high 8.0 An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. archdebian