CVEs from 2019
Total
3,163
critical
critical 238
high
high 485
medium
medium 485
low
low 94
% Critical
7.5%
% with KEV
3.7%
% with exploit
8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-11884 | high | — | 8.0 | 7y ago | The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNA… | |||
| CVE-2019-10224 | high | — | 8.0 | 7y ago | RHSA-2019:3401: 389-ds:1.4 security, bug fix, and enhancement update (Important) | |||
| CVE-2019-7222 | high | — | 8.0 | 7y ago | The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. | |||
| CVE-2019-16994 | high | — | 8.0 | 7y ago | In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12… | |||
| CVE-2019-25160 | high | — | 8.0 | 7y ago | In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two array out-of-bounds memory accesses, one in cipso_v4_map_lvl_valid(), t… | |||
| CVE-2019-15927 | high | — | 8.0 | 7y ago | An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c. | |||
| CVE-2019-15924 | high | — | 8.0 | 7y ago | An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_… | |||
| CVE-2019-15921 | high | — | 8.0 | 7y ago | An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c. | |||
| CVE-2019-15920 | high | — | 8.0 | 7y ago | An issue was discovered in the Linux kernel before 5.0.10. SMB2_read in fs/cifs/smb2pdu.c has a use-after-free. NOTE: this was not fixed correctly in 5.0.10; see the 5.0.11 ChangeLog, which documents… | |||
| CVE-2019-15916 | high | — | 8.0 | 7y ago | An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service. | |||
| CVE-2019-12382 | high | — | 8.0 | 7y ago | An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause … | |||
| CVE-2019-3460 | high | — | 8.0 | 7y ago | A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. | |||
| CVE-2019-15666 | high | — | 8.0 | 7y ago | An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfr… | |||
| CVE-2019-3900 | high | — | 8.0 | 7y ago | An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets f… | |||
| CVE-2019-3882 | high | — | 8.0 | 7y ago | A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local a… | |||
| CVE-2019-10126 | high | — | 8.0 | 7y ago | A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly oth… | |||
| CVE-2019-10207 | high | — | 8.0 | 7y ago | A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth… | |||
| CVE-2019-10638 | high | — | 8.0 | 7y ago | In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to mu… | |||
| CVE-2019-15919 | high | — | 8.0 | 7y ago | An issue was discovered in the Linux kernel before 5.0.10. SMB2_write in fs/cifs/smb2pdu.c has a use-after-free. | |||
| CVE-2019-20811 | high | — | 8.0 | 7y ago | An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c. | |||
| CVE-2019-5489 | high | — | 8.0 | 7y ago | The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allow… | |||
| CVE-2019-11758 | high | — | 8.0 | 7y ago | RHSA-2019:3237: thunderbird security update (Important) | |||
| CVE-2019-16865 | high | — | 8.0 | 7y ago | RHSA-2020:0580: python-pillow security update (Important) | |||
| CVE-2019-2949 | high | — | 8.0 | 7y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) | |||
| CVE-2019-2977 | high | — | 8.0 | 7y ago | RHSA-2019:3135: java-11-openjdk security update (Important) | |||
| CVE-2019-2987 | high | — | 8.0 | 7y ago | RHSA-2019:3135: java-11-openjdk security update (Important) | |||
| CVE-2019-9517 | high | — | 8.0 | 7y ago | Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without const… | |||
| CVE-2019-9518 | high | — | 8.0 | 7y ago | RHSA-2019:2925: nodejs:10 security update (Important) | |||
| CVE-2019-9515 | high | — | 8.0 | 7y ago | RHSA-2019:2925: nodejs:10 security update (Important) | |||
| CVE-2019-5737 | high | — | 8.0 | 7y ago | RHSA-2019:2925: nodejs:10 security update (Important) | |||
| CVE-2019-14835 | high | — | 8.0 | 7y ago | A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migra… | |||
| CVE-2019-11500 | high | — | 8.0 | 7y ago | In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead … | |||
| CVE-2019-13638 | high | — | 8.0 | 7y ago | RHSA-2019:2798: patch security update (Important) | |||
| CVE-2019-9516 | high | — | 8.0 | 7y ago | RHSA-2019:2925: nodejs:10 security update (Important) | |||
| CVE-2019-9513 | high | — | 8.0 | 7y ago | RHSA-2019:2925: nodejs:10 security update (Important) | |||
| CVE-2019-9511 | high | — | 8.0 | 7y ago | RHSA-2019:2925: nodejs:10 security update (Important) | |||
| CVE-2019-11739 | high | — | 8.0 | 7y ago | RHSA-2019:2774: thunderbird security update (Important) | |||
| CVE-2019-11487 | high | — | 8.0 | 7y ago | The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/… | |||
| CVE-2019-3846 | high | — | 8.0 | 7y ago | A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. | |||
| CVE-2019-12817 | high | — | 8.0 | 7y ago | arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain condit… | |||
| CVE-2019-9500 | high | — | 8.0 | 7y ago | The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malic… | |||
| CVE-2019-9503 | high | — | 8.0 | 7y ago | The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a re… | |||
| CVE-2019-3887 | high | — | 8.0 | 7y ago | A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via … | |||
| CVE-2019-11735 | high | — | 8.0 | 7y ago | Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough … | |||
| CVE-2019-11748 | high | — | 8.0 | 7y ago | WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in … | |||
| CVE-2019-11747 | high | — | 8.0 | 7y ago | The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any HTTP Strict Transport Security … | |||
| CVE-2019-11738 | high | — | 8.0 | 7y ago | If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for mal… | |||
| CVE-2019-11746 | high | — | 8.0 | 7y ago | A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox… | |||
| CVE-2019-11742 | high | — | 8.0 | 7y ago | A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied … | |||
| CVE-2019-11750 | high | — | 8.0 | 7y ago | A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. | |||
| CVE-2019-11752 | high | — | 8.0 | 7y ago | It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects … | |||
| CVE-2019-11740 | high | — | 8.0 | 7y ago | Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume th… | |||
| CVE-2019-11744 | high | — | 8.0 | 7y ago | Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these… | |||
| CVE-2019-11749 | high | — | 8.0 | 7y ago | A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggeri… | |||
| CVE-2019-11743 | high | — | 8.0 | 7y ago | Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to … | |||
| CVE-2019-9812 | high | — | 8.0 | 7y ago | Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a maliciou… | |||
| CVE-2019-12527 | high | — | 8.0 | 7y ago | RHSA-2019:2593: squid:4 security update (Important) | |||
| CVE-2019-14813 | high | — | 8.0 | 7y ago | RHSA-2019:2591: ghostscript security update (Important) | |||
| CVE-2019-11772 | high | — | 8.0 | 7y ago | RHSA-2019:2590: java-1.8.0-ibm security update (Important) | |||
| CVE-2019-14817 | high | — | 8.0 | 7y ago | RHSA-2019:2591: ghostscript security update (Important) | |||
| CVE-2019-14812 | high | — | 8.0 | 7y ago | RHSA-2019:2591: ghostscript security update (Important) | |||
| CVE-2019-14811 | high | — | 8.0 | 7y ago | RHSA-2019:2591: ghostscript security update (Important) | |||
| CVE-2019-11775 | high | — | 8.0 | 7y ago | RHSA-2019:2590: java-1.8.0-ibm security update (Important) | |||
| CVE-2019-1010238 | high | — | 8.0 | 7y ago | RHSA-2019:2582: pango security update (Important) | |||
| CVE-2019-0203 | high | — | 8.0 | 7y ago | RHSA-2019:2512: subversion:1.10 security update (Important) | |||
| CVE-2019-2593 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2624 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2752 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2879 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2738 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2757 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2784 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2785 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2795 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2797 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2808 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2812 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2810 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2815 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2819 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2830 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2834 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2969 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2539 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2580 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2606 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2581 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2585 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2587 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2623 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2589 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2592 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2596 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2631 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2634 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2636 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2689 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2694 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2644 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2533 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) |