CVEs from 2019
Total
3,163
critical
critical 238
high
high 485
medium
medium 485
low
low 94
% Critical
7.5%
% with KEV
3.7%
% with exploit
8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-25160 | high | — | 8.0 | 7y ago | In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two array out-of-bounds memory accesses, one in cipso_v4_map_lvl_valid(), t… | |||
| CVE-2019-11833 | high | — | 8.0 | 7y ago | fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading unini… | |||
| CVE-2019-15920 | high | — | 8.0 | 7y ago | An issue was discovered in the Linux kernel before 5.0.10. SMB2_read in fs/cifs/smb2pdu.c has a use-after-free. NOTE: this was not fixed correctly in 5.0.10; see the 5.0.11 ChangeLog, which documents… | |||
| CVE-2019-3874 | high | — | 8.0 | 7y ago | The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches … | |||
| CVE-2019-11884 | high | — | 8.0 | 7y ago | The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNA… | |||
| CVE-2019-15924 | high | — | 8.0 | 7y ago | An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_… | |||
| CVE-2019-13233 | high | — | 8.0 | 7y ago | In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX boun… | |||
| CVE-2019-10224 | high | — | 8.0 | 7y ago | RHSA-2019:3401: 389-ds:1.4 security, bug fix, and enhancement update (Important) | |||
| CVE-2019-14824 | high | — | 8.0 | 7y ago | RHSA-2019:3401: 389-ds:1.4 security, bug fix, and enhancement update (Important) | |||
| CVE-2019-5489 | high | — | 8.0 | 7y ago | The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allow… | |||
| CVE-2019-10638 | high | — | 8.0 | 7y ago | In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to mu… | |||
| CVE-2019-13648 | high | — | 8.0 | 7y ago | In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a s… | |||
| CVE-2019-3883 | high | — | 8.0 | 7y ago | RHSA-2019:3401: 389-ds:1.4 security, bug fix, and enhancement update (Important) | |||
| CVE-2019-10207 | high | — | 8.0 | 7y ago | A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth… | |||
| CVE-2019-15214 | high | — | 8.0 | 7y ago | An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is … | |||
| CVE-2019-15919 | high | — | 8.0 | 7y ago | An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use-after-free. | |||
| CVE-2019-7222 | high | — | 8.0 | 7y ago | The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. | |||
| CVE-2019-14821 | high | — | 8.0 | 7y ago | An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO r… | |||
| CVE-2019-16994 | high | — | 8.0 | 7y ago | In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12… | |||
| CVE-2019-9506 | high | — | 8.0 | 7y ago | The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This al… | |||
| CVE-2019-15927 | high | — | 8.0 | 7y ago | An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c. | |||
| CVE-2019-11758 | high | — | 8.0 | 7y ago | RHSA-2019:3237: thunderbird security update (Important) | |||
| CVE-2019-16865 | high | — | 8.0 | 7y ago | RHSA-2020:0580: python-pillow security update (Important) | |||
| CVE-2019-2949 | high | — | 8.0 | 7y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) | |||
| CVE-2019-2987 | high | — | 8.0 | 7y ago | RHSA-2019:3135: java-11-openjdk security update (Important) | |||
| CVE-2019-2977 | high | — | 8.0 | 7y ago | RHSA-2019:3135: java-11-openjdk security update (Important) | |||
| CVE-2019-9518 | high | — | 8.0 | 7y ago | RHSA-2019:2925: nodejs:10 security update (Important) | |||
| CVE-2019-5737 | high | — | 8.0 | 7y ago | RHSA-2019:2925: nodejs:10 security update (Important) | |||
| CVE-2019-9515 | high | — | 8.0 | 7y ago | RHSA-2019:2925: nodejs:10 security update (Important) | |||
| CVE-2019-9517 | high | — | 8.0 | 7y ago | Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without const… | |||
| CVE-2019-11500 | high | — | 8.0 | 7y ago | In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead … | |||
| CVE-2019-14835 | high | — | 8.0 | 7y ago | A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migra… | |||
| CVE-2019-13638 | high | — | 8.0 | 7y ago | RHSA-2019:2798: patch security update (Important) | |||
| CVE-2019-9513 | high | — | 8.0 | 7y ago | RHSA-2019:2925: nodejs:10 security update (Important) | |||
| CVE-2019-9511 | high | — | 8.0 | 7y ago | RHSA-2019:2925: nodejs:10 security update (Important) | |||
| CVE-2019-9516 | high | — | 8.0 | 7y ago | RHSA-2019:2925: nodejs:10 security update (Important) | |||
| CVE-2019-11739 | high | — | 8.0 | 7y ago | RHSA-2019:2774: thunderbird security update (Important) | |||
| CVE-2019-9503 | high | — | 8.0 | 7y ago | The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a re… | |||
| CVE-2019-12817 | high | — | 8.0 | 7y ago | arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain condit… | |||
| CVE-2019-3887 | high | — | 8.0 | 7y ago | A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via … | |||
| CVE-2019-11487 | high | — | 8.0 | 7y ago | The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/… | |||
| CVE-2019-3846 | high | — | 8.0 | 7y ago | A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. | |||
| CVE-2019-9500 | high | — | 8.0 | 7y ago | The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malic… | |||
| CVE-2019-11743 | high | — | 8.0 | 7y ago | Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to … | |||
| CVE-2019-9812 | high | — | 8.0 | 7y ago | Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a maliciou… | |||
| CVE-2019-11735 | high | — | 8.0 | 7y ago | Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough … | |||
| CVE-2019-11744 | high | — | 8.0 | 7y ago | Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these… | |||
| CVE-2019-11742 | high | — | 8.0 | 7y ago | A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied … | |||
| CVE-2019-11740 | high | — | 8.0 | 7y ago | Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume th… | |||
| CVE-2019-11746 | high | — | 8.0 | 7y ago | A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox… | |||
| CVE-2019-11748 | high | — | 8.0 | 7y ago | WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in … | |||
| CVE-2019-11738 | high | — | 8.0 | 7y ago | If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for mal… | |||
| CVE-2019-11749 | high | — | 8.0 | 7y ago | A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggeri… | |||
| CVE-2019-11750 | high | — | 8.0 | 7y ago | A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. | |||
| CVE-2019-11747 | high | — | 8.0 | 7y ago | The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any HTTP Strict Transport Security … | |||
| CVE-2019-11752 | high | — | 8.0 | 7y ago | It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects … | |||
| CVE-2019-12527 | high | — | 8.0 | 7y ago | RHSA-2019:2593: squid:4 security update (Important) | |||
| CVE-2019-14812 | high | — | 8.0 | 7y ago | RHSA-2019:2591: ghostscript security update (Important) | |||
| CVE-2019-11772 | high | — | 8.0 | 7y ago | RHSA-2019:2590: java-1.8.0-ibm security update (Important) | |||
| CVE-2019-14817 | high | — | 8.0 | 7y ago | RHSA-2019:2591: ghostscript security update (Important) | |||
| CVE-2019-14811 | high | — | 8.0 | 7y ago | RHSA-2019:2591: ghostscript security update (Important) | |||
| CVE-2019-14813 | high | — | 8.0 | 7y ago | RHSA-2019:2591: ghostscript security update (Important) | |||
| CVE-2019-11775 | high | — | 8.0 | 7y ago | RHSA-2019:2590: java-1.8.0-ibm security update (Important) | |||
| CVE-2019-1010238 | high | — | 8.0 | 7y ago | RHSA-2019:2582: pango security update (Important) | |||
| CVE-2019-0203 | high | — | 8.0 | 7y ago | RHSA-2019:2512: subversion:1.10 security update (Important) | |||
| CVE-2019-2503 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2624 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2789 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2800 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2801 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2802 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2803 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2812 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2810 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2811 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2815 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2819 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2826 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2830 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2834 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2950 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-3003 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2436 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2738 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2486 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2494 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2507 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2495 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2502 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2528 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2529 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2530 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2531 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2584 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2620 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2532 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2625 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2688 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2631 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2634 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) |