CVEs from 2019
Total
3,175
critical
critical 231
high
high 484
medium
medium 483
low
low 94
% Critical
7.3%
% with KEV
3.7%
% with exploit
7.9%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-13702 | high | — | 8.0 | — | Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable. | |||
| CVE-2019-13704 | high | — | 8.0 | — | Insufficient policy enforcement in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||
| CVE-2019-13706 | high | — | 8.0 | — | Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||
| CVE-2019-13713 | high | — | 8.0 | — | Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||
| CVE-2019-1350 | high | — | 8.0 | — | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-201… | |||
| CVE-2019-19882 | high | — | 8.0 | — | shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affe… | |||
| CVE-2019-5852 | high | — | 8.0 | — | Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||
| CVE-2019-5850 | high | — | 8.0 | — | Use after free in offline mode in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag… | |||
| CVE-2019-11461 | high | — | 8.0 | — | An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI … | |||
| CVE-2019-5794 | high | — | 8.0 | — | Incorrect handling of cancelled requests in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||
| CVE-2019-5861 | high | — | 8.0 | — | Insufficient data validation in Blink in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to bypass anti-clickjacking policy via a crafted HTML page. | |||
| CVE-2019-7524 | high | — | 8.0 | — | In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing c… | |||
| CVE-2019-5849 | high | — | 8.0 | — | Out of bounds read in Skia in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||
| CVE-2019-8377 | high | — | 8.0 | — | An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcprep… | |||
| CVE-2019-5792 | high | — | 8.0 | — | Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. | |||
| CVE-2019-11741 | high | — | 8.0 | — | A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org a… | |||
| CVE-2019-1351 | high | — | 8.0 | — | A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'. | |||
| CVE-2019-18182 | high | — | 8.0 | — | arbitrary command execution in pacman | |||
| CVE-2019-1354 | high | — | 8.0 | — | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-201… | |||
| CVE-2019-19977 | high | — | 8.0 | — | libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read. | |||
| CVE-2019-14318 | high | — | 8.0 | — | Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing opera… | |||
| CVE-2019-25016 | high | — | 8.0 | — | In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed t… | |||
| CVE-2019-5787 | high | — | 8.0 | — | Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2019-9686 | high | — | 8.0 | — | arbitrary code execution in pacman | |||
| CVE-2019-11737 | high | — | 8.0 | — | If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly … | |||
| CVE-2019-5868 | high | — | 8.0 | — | Use after free in PDFium in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||
| CVE-2019-6474 | high | — | 8.0 | — | A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leas… | |||
| CVE-2019-6473 | high | — | 8.0 | — | An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0… | |||
| CVE-2019-3871 | high | — | 8.0 | — | A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the … | |||
| CVE-2019-19604 | high | — | 8.0 | — | Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can… | |||
| CVE-2019-5842 | high | — | 8.0 | — | Use after free in Blink in Google Chrome prior to 75.0.3770.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2019-11683 | high | — | 8.0 | — | udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have un… | |||
| CVE-2019-8904 | high | — | 8.0 | — | do_bid_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printf and file_vprintf. | |||
| CVE-2019-8905 | high | — | 8.0 | — | do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. | |||
| CVE-2019-8906 | high | — | 8.0 | — | do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. | |||
| CVE-2019-8907 | high | — | 8.0 | — | do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. | |||
| CVE-2019-8381 | high | — | 8.0 | — | An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an… | |||
| CVE-2019-5790 | high | — | 8.0 | — | An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafte… | |||
| CVE-2019-15717 | high | — | 8.0 | — | Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP. | |||
| CVE-2019-19450 | high | — | 8.0 | 3y ago | RHSA-2023:5790: python-reportlab security update (Important) | |||
| CVE-2019-17626 | high | — | 8.0 | 4y ago | RHSA-2020:0201: python-reportlab security update (Important) | |||
| CVE-2019-10195 | high | — | 8.0 | 4y ago | RHBA-2019:4268: idm:DL1 bug fix update (Important) | |||
| CVE-2019-18466 | high | — | 8.0 | 4y ago | RHSA-2019:4269: container-tools:rhel8 security and bug fix update (Important) | |||
| CVE-2019-9514 | high | — | 8.0 | 4y ago | RHSA-2019:4273: container-tools:1.0 security update (Important) | |||
| CVE-2019-9512 | high | — | 8.0 | 4y ago | RHSA-2019:4273: container-tools:1.0 security update (Important) | |||
| CVE-2019-10353 | high | — | 8.0 | 4y ago | Cross-Site Request Forgery in Jenkins | |||
| CVE-2019-10354 | high | — | 8.0 | 4y ago | Missing Authorization in Jenkins | |||
| CVE-2019-10352 | high | — | 8.0 | 4y ago | Improper Limitation of a Pathname to a Restricted Directory in Jenkins | |||
| CVE-2019-0981 | high | — | 8.0 | 4y ago | RHSA-2019:1259: dotnet security, bug fix, and enhancement update (Important) | |||
| CVE-2019-0980 | high | — | 8.0 | 4y ago | RHSA-2019:1259: dotnet security, bug fix, and enhancement update (Important) | |||
| CVE-2019-2435 | high | — | 8.0 | 4y ago | Improper Access Control in MySQL Connector Python | |||
| CVE-2019-5885 | high | — | 8.0 | 4y ago | Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers … | |||
| CVE-2019-16884 | high | — | 8.0 | 4y ago | RHSA-2019:4269: container-tools:rhel8 security and bug fix update (Important) | |||
| CVE-2019-10214 | high | — | 8.0 | 4y ago | RHSA-2019:3494: container-tools:1.0 security and bug fix update (Important) | |||
| CVE-2019-14867 | high | — | 8.0 | 5y ago | RHBA-2019:4268: idm:DL1 bug fix update (Important) | |||
| CVE-2019-0820 | high | — | 8.0 | 5y ago | RHSA-2019:1259: dotnet security, bug fix, and enhancement update (Important) | |||
| CVE-2019-18811 | high | — | 8.0 | 5y ago | A memory leak in the sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering s… | |||
| CVE-2019-19528 | high | — | 8.0 | 5y ago | In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d. | |||
| CVE-2019-19523 | high | — | 8.0 | 5y ago | In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. | |||
| CVE-2019-2974 | high | — | 8.0 | 6y ago | RHSA-2020:5500: mariadb:10.3 security, bug fix, and enhancement update (Important) | |||
| CVE-2019-2938 | high | — | 8.0 | 6y ago | RHSA-2020:5500: mariadb:10.3 security, bug fix, and enhancement update (Important) | |||
| CVE-2019-2967 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2019-2968 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2019-2960 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2019-2957 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2019-2963 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2019-2997 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2019-2966 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2019-2946 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2019-3018 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2019-2914 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2019-2911 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2019-3011 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2019-2982 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2019-2991 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2019-2993 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2019-2998 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2019-3004 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2019-3009 | high | — | 8.0 | 6y ago | RHSA-2020:3732: mysql:8.0 security update (Important) | |||
| CVE-2019-10130 | high | — | 8.0 | 6y ago | RHSA-2020:5619: postgresql:9.6 security update (Important) | |||
| CVE-2019-10208 | high | — | 8.0 | 6y ago | RHSA-2020:5619: postgresql:9.6 security update (Important) | |||
| CVE-2019-17639 | high | — | 8.0 | 6y ago | RHSA-2020:3386: java-1.8.0-ibm security update (Important) | |||
| CVE-2019-3016 | high | — | 8.0 | 6y ago | In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linu… | |||
| CVE-2019-19807 | high | — | 8.0 | 6y ago | In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. Th… | |||
| CVE-2019-20382 | high | — | 8.0 | 6y ago | QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is n… | |||
| CVE-2019-10086 | high | — | 8.0 | 6y ago | RHSA-2025:9318: javapackages-tools:201801 security update (Important) | |||
| CVE-2019-0199 | high | — | 8.0 | 6y ago | The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without re… | |||
| CVE-2019-12525 | high | — | 8.0 | 6y ago | RHSA-2020:2041: squid:4 security update (Important) | |||
| CVE-2019-12519 | high | — | 8.0 | 6y ago | RHSA-2020:2041: squid:4 security update (Important) | |||
| CVE-2019-19045 | high | — | 8.0 | 6y ago | A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory… | |||
| CVE-2019-15221 | high | — | 8.0 | 6y ago | An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. | |||
| CVE-2019-15090 | high | — | 8.0 | 6y ago | An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read. | |||
| CVE-2019-15223 | high | — | 8.0 | 6y ago | An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/driver.c driver. | |||
| CVE-2019-19055 | high | — | 8.0 | 6y ago | A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by trig… | |||
| CVE-2019-5108 | high | — | 8.0 | 6y ago | An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for statio… | |||
| CVE-2019-17055 | high | — | 8.0 | 6y ago | base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw sock… | |||
| CVE-2019-16234 | high | — | 8.0 | 6y ago | drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. | |||
| CVE-2019-10639 | high | — | 8.0 | 6y ago | The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the K… | |||
| CVE-2019-15099 | high | — | 8.0 | 6y ago | drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. | |||
| CVE-2019-12819 | high | — | 8.0 | 6y ago | An issue was discovered in the Linux kernel before 5.0. The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. Th… |