CVEs from 2019
Total
3,164
critical
critical 238
high
high 485
medium
medium 485
low
low 94
% Critical
7.5%
% with KEV
3.7%
% with exploit
8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-17011 | critical | — | 9.5 | 7y ago | Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulner… | |||
| CVE-2019-17010 | critical | — | 9.5 | 7y ago | Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash.… | |||
| CVE-2019-17005 | critical | — | 9.5 | 7y ago | The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a poten… | |||
| CVE-2019-11759 | critical | — | 9.5 | 7y ago | An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a c… | |||
| CVE-2019-15903 | critical | — | 9.5 | 7y ago | In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumn… | |||
| CVE-2019-11762 | critical | — | 9.5 | 7y ago | If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulner… | |||
| CVE-2019-11764 | critical | — | 9.5 | 7y ago | Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enoug… | |||
| CVE-2019-11760 | critical | — | 9.5 | 7y ago | A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 70, Thunderb… | |||
| CVE-2019-11757 | critical | — | 9.5 | 7y ago | When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitabl… | |||
| CVE-2019-11761 | critical | — | 9.5 | 7y ago | By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it … | |||
| CVE-2019-11763 | critical | — | 9.5 | 7y ago | Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could… | |||
| CVE-2019-11719 | critical | — | 9.5 | 7y ago | When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to inf… | |||
| CVE-2019-11729 | critical | — | 9.5 | 7y ago | Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8… | |||
| CVE-2019-11727 | critical | — | 9.5 | 7y ago | A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in Certificat… | |||
| CVE-2019-11730 | critical | — | 9.5 | 7y ago | A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. … | |||
| CVE-2019-11715 | critical | — | 9.5 | 7y ago | Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability aff… | |||
| CVE-2019-9811 | critical | — | 9.5 | 7y ago | As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This v… | |||
| CVE-2019-11717 | critical | — | 9.5 | 7y ago | A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vuln… | |||
| CVE-2019-11713 | critical | — | 9.5 | 7y ago | A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.… | |||
| CVE-2019-11712 | critical | — | 9.5 | 7y ago | POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) a… | |||
| CVE-2019-11711 | critical | — | 9.5 | 7y ago | When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page… | |||
| CVE-2019-11709 | critical | — | 9.5 | 7y ago | Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enoug… | |||
| CVE-2019-11698 | critical | — | 9.5 | 7y ago | If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's b… | |||
| CVE-2019-9800 | critical | — | 9.5 | 7y ago | Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we pres… | |||
| CVE-2019-9797 | critical | — | 9.5 | 7y ago | Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a can… | |||
| CVE-2019-11692 | critical | — | 9.5 | 7y ago | A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunde… | |||
| CVE-2019-11693 | critical | — | 9.5 | 7y ago | The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploita… | |||
| CVE-2019-9820 | critical | — | 9.5 | 7y ago | A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.… | |||
| CVE-2019-11691 | critical | — | 9.5 | 7y ago | A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially explo… | |||
| CVE-2019-5798 | critical | — | 9.5 | 7y ago | Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||
| CVE-2019-9819 | critical | — | 9.5 | 7y ago | A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefo… | |||
| CVE-2019-9817 | critical | — | 9.5 | 7y ago | Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerabi… | |||
| CVE-2019-2449 | critical | — | 9.5 | 7y ago | RHSA-2019:1238: java-1.8.0-ibm security update (Critical) | |||
| CVE-2019-2422 | critical | — | 9.5 | 7y ago | RHSA-2019:1238: java-1.8.0-ibm security update (Critical) | |||
| CVE-2019-10245 | critical | — | 9.5 | 7y ago | RHSA-2019:1238: java-1.8.0-ibm security update (Critical) | |||
| CVE-2019-9790 | critical | — | 9.5 | 7y ago | A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially e… | |||
| CVE-2019-9795 | critical | — | 9.5 | 7y ago | A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affe… | |||
| CVE-2019-9796 | critical | — | 9.5 | 7y ago | A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is lat… | |||
| CVE-2019-9793 | critical | — | 9.5 | 7y ago | A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create… | |||
| CVE-2019-9788 | critical | — | 9.5 | 7y ago | Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we pres… | |||
| CVE-2019-25052 | critical | 9.1 | 9.1 | 5y ago | In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information. | |||
| CVE-2019-14197 | critical | 9.1 | 9.1 | 7y ago | An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply. | |||
| CVE-2019-5796 | high | — | 9.0 | — | Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2019-5797 | high | — | 9.0 | — | Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2019-5788 | high | — | 9.0 | — | An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbit… | |||
| CVE-2019-5789 | high | — | 9.0 | — | An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary… | |||
| CVE-2019-8943 | high | — | 9.0 | — | WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two … | |||
| CVE-2019-18634 | high | — | 9.0 | 6y ago | In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and ele… | |||
| CVE-2019-19844 | high | — | 9.0 | 7y ago | Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of… | |||
| CVE-2019-14378 | high | — | 9.0 | 7y ago | ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. | |||
| CVE-2019-14287 | high | — | 9.0 | 7y ago | In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a cra… | |||
| CVE-2019-11599 | high | — | 9.0 | 7y ago | The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sen… | |||
| CVE-2019-1125 | high | — | 9.0 | 7y ago | An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged … | |||
| CVE-2019-12735 | high | — | 9.0 | 7y ago | RHSA-2019:1619: vim security update (Important) | |||
| CVE-2019-11706 | high | — | 9.0 | 7y ago | multiple issues in thunderbird | |||
| CVE-2019-11704 | high | — | 9.0 | 7y ago | multiple issues in thunderbird | |||
| CVE-2019-11703 | high | — | 9.0 | 7y ago | multiple issues in thunderbird | |||
| CVE-2019-11705 | high | — | 9.0 | 7y ago | multiple issues in thunderbird | |||
| CVE-2019-9213 | high | — | 9.0 | 7y ago | In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SM… | |||
| CVE-2019-5736 | high | — | 9.0 | 7y ago | RHSA-2019:0975: container-tools:rhel8 security and bug fix update (Important) | |||
| CVE-2019-6116 | high | — | 9.0 | 7y ago | RHSA-2019:0971: ghostscript security update (Important) | |||
| CVE-2019-13721 | high | 8.8 | 8.8 | 7y ago | Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2019-25719 | high | 8.6 | 8.6 | 3d ago | Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulnerabilities that allow netwo… | |||
| CVE-2019-25736 | high | 8.4 | 8.4 | 1d ago | LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the Host IP field. Attackers can craft a… | |||
| CVE-2019-25735 | high | 8.4 | 8.4 | 1d ago | AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Att… | |||
| CVE-2019-25733 | high | 8.4 | 8.4 | 1d ago | NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input. Attackers can craft a… | |||
| CVE-2019-25718 | high | 8.4 | 8.4 | 4d ago | Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog inter… | |||
| CVE-2019-25650 | high | 8.4 | 8.4 | 2mo ago | River Past CamDo 3.7.6 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_en… | |||
| CVE-2019-25651 | high | 8.3 | 8.3 | 2mo ago | Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 u… | |||
| CVE-2019-25745 | high | 8.2 | 8.2 | 1d ago | WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through th… | |||
| CVE-2019-25732 | high | 8.2 | 8.2 | 1d ago | PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers… | |||
| CVE-2019-25730 | high | 8.2 | 8.2 | 1d ago | Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can s… | |||
| CVE-2019-25728 | high | 8.2 | 8.2 | 1d ago | Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ck_config cookie parameter. Attackers can inject … | |||
| CVE-2019-25726 | high | 8.2 | 8.2 | 1d ago | All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. At… | |||
| CVE-2019-25642 | high | 8.2 | 8.2 | 2mo ago | Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can… | |||
| CVE-2019-25640 | high | 8.2 | 8.2 | 2mo ago | Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code usi… | |||
| CVE-2019-6820 | high | 8.2 | 8.2 | 7y ago | A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a speci… | |||
| CVE-2019-13533 | high | 8.1 | 8.1 | 7y ago | In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening … | |||
| CVE-2019-9848 | high | — | 8.0 | — | LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLo… | |||
| CVE-2019-15717 | high | — | 8.0 | — | Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP. | |||
| CVE-2019-5842 | high | — | 8.0 | — | Use after free in Blink in Google Chrome prior to 75.0.3770.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2019-11461 | high | — | 8.0 | — | An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI … | |||
| CVE-2019-6133 | high | — | 8.0 | — | In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to la… | |||
| CVE-2019-8376 | high | — | 8.0 | — | An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay… | |||
| CVE-2019-12881 | high | — | 8.0 | — | i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on Ubuntu 18.04.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) o… | |||
| CVE-2019-5802 | high | — | 8.0 | — | Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||
| CVE-2019-5800 | high | — | 8.0 | — | Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||
| CVE-2019-5787 | high | — | 8.0 | — | Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2019-13718 | high | — | 8.0 | — | Insufficient data validation in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||
| CVE-2019-13703 | high | — | 8.0 | — | Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||
| CVE-2019-13707 | high | — | 8.0 | — | Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application. | |||
| CVE-2019-8377 | high | — | 8.0 | — | An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcprep… | |||
| CVE-2019-5847 | high | — | 8.0 | — | Inappropriate implementation in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2019-5867 | high | — | 8.0 | — | Out of bounds read in JavaScript in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||
| CVE-2019-5864 | high | — | 8.0 | — | Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted C… | |||
| CVE-2019-11737 | high | — | 8.0 | — | If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly … | |||
| CVE-2019-6474 | high | — | 8.0 | — | A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leas… | |||
| CVE-2019-6473 | high | — | 8.0 | — | An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0… | |||
| CVE-2019-11734 | high | — | 8.0 | — | Mozilla developers and community members reported memory safety bugs present in Firefox 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of… | |||
| CVE-2019-5799 | high | — | 8.0 | — | Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. |