CVEs from 2019
Total
3,163
critical
critical 231
high
high 484
medium
medium 483
low
low 94
% Critical
7.3%
% with KEV
3.7%
% with exploit
8.0%
Top vendors
- intel 246
- schneider-electric 117
- netapp 61
- siemens 58
- oracle 36
- hp 23
- denx 20
- phoenixcontact 9
Top products
- u-boot 20
- crimson 8
- active_iq_unified_manager 7
- weblogic_server 5
- jdk 5
- oncommand_workflow_automation 5
- codeready_linux_builder_eus 4
- oncommand_insight 4
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-3874 | high | — | 8.0 | 7y ago | The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches … | |||
| CVE-2019-12382 | high | — | 8.0 | 7y ago | An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause … | |||
| CVE-2019-15916 | high | — | 8.0 | 7y ago | An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service. | |||
| CVE-2019-15920 | high | — | 8.0 | 7y ago | An issue was discovered in the Linux kernel before 5.0.10. SMB2_read in fs/cifs/smb2pdu.c has a use-after-free. NOTE: this was not fixed correctly in 5.0.10; see the 5.0.11 ChangeLog, which documents… | |||
| CVE-2019-9506 | high | — | 8.0 | 7y ago | The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This al… | |||
| CVE-2019-15921 | high | — | 8.0 | 7y ago | An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c. | |||
| CVE-2019-15924 | high | — | 8.0 | 7y ago | An issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_… | |||
| CVE-2019-15666 | high | — | 8.0 | 7y ago | An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfr… | |||
| CVE-2019-10126 | high | — | 8.0 | 7y ago | A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly oth… | |||
| CVE-2019-10207 | high | — | 8.0 | 7y ago | A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth… | |||
| CVE-2019-13233 | high | — | 8.0 | 7y ago | In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX boun… | |||
| CVE-2019-14821 | high | — | 8.0 | 7y ago | An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO r… | |||
| CVE-2019-10638 | high | — | 8.0 | 7y ago | In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to mu… | |||
| CVE-2019-13648 | high | — | 8.0 | 7y ago | In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a s… | |||
| CVE-2019-11758 | high | — | 8.0 | 7y ago | RHSA-2019:3237: thunderbird security update (Important) | |||
| CVE-2019-16865 | high | — | 8.0 | 7y ago | RHSA-2020:0580: python-pillow security update (Important) | |||
| CVE-2019-2949 | high | — | 8.0 | 7y ago | RHSA-2020:2241: java-1.8.0-ibm security update (Important) | |||
| CVE-2019-2977 | high | — | 8.0 | 7y ago | RHSA-2019:3135: java-11-openjdk security update (Important) | |||
| CVE-2019-2987 | high | — | 8.0 | 7y ago | RHSA-2019:3135: java-11-openjdk security update (Important) | |||
| CVE-2019-5737 | high | — | 8.0 | 7y ago | RHSA-2019:2925: nodejs:10 security update (Important) | |||
| CVE-2019-9515 | high | — | 8.0 | 7y ago | RHSA-2019:2925: nodejs:10 security update (Important) | |||
| CVE-2019-9517 | high | — | 8.0 | 7y ago | Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without const… | |||
| CVE-2019-9518 | high | — | 8.0 | 7y ago | RHSA-2019:2925: nodejs:10 security update (Important) | |||
| CVE-2019-11500 | high | — | 8.0 | 7y ago | In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead … | |||
| CVE-2019-14835 | high | — | 8.0 | 7y ago | A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migra… | |||
| CVE-2019-13638 | high | — | 8.0 | 7y ago | RHSA-2019:2798: patch security update (Important) | |||
| CVE-2019-9516 | high | — | 8.0 | 7y ago | RHSA-2019:2925: nodejs:10 security update (Important) | |||
| CVE-2019-9513 | high | — | 8.0 | 7y ago | RHSA-2019:2925: nodejs:10 security update (Important) | |||
| CVE-2019-9511 | high | — | 8.0 | 7y ago | RHSA-2019:2925: nodejs:10 security update (Important) | |||
| CVE-2019-11739 | high | — | 8.0 | 7y ago | RHSA-2019:2774: thunderbird security update (Important) | |||
| CVE-2019-3887 | high | — | 8.0 | 7y ago | A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via … | |||
| CVE-2019-11487 | high | — | 8.0 | 7y ago | The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/… | |||
| CVE-2019-9503 | high | — | 8.0 | 7y ago | The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a re… | |||
| CVE-2019-3846 | high | — | 8.0 | 7y ago | A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. | |||
| CVE-2019-9500 | high | — | 8.0 | 7y ago | The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malic… | |||
| CVE-2019-12817 | high | — | 8.0 | 7y ago | arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain condit… | |||
| CVE-2019-11740 | high | — | 8.0 | 7y ago | Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume th… | |||
| CVE-2019-11742 | high | — | 8.0 | 7y ago | A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied … | |||
| CVE-2019-11743 | high | — | 8.0 | 7y ago | Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to … | |||
| CVE-2019-11744 | high | — | 8.0 | 7y ago | Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these… | |||
| CVE-2019-11749 | high | — | 8.0 | 7y ago | A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggeri… | |||
| CVE-2019-11735 | high | — | 8.0 | 7y ago | Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough … | |||
| CVE-2019-9812 | high | — | 8.0 | 7y ago | Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a maliciou… | |||
| CVE-2019-11747 | high | — | 8.0 | 7y ago | The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any HTTP Strict Transport Security … | |||
| CVE-2019-11738 | high | — | 8.0 | 7y ago | If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for mal… | |||
| CVE-2019-11746 | high | — | 8.0 | 7y ago | A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox… | |||
| CVE-2019-11752 | high | — | 8.0 | 7y ago | It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects … | |||
| CVE-2019-11750 | high | — | 8.0 | 7y ago | A type confusion vulnerability exists in Spidermonkey, which results in a non-exploitable crash. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. | |||
| CVE-2019-11748 | high | — | 8.0 | 7y ago | WebRTC in Firefox will honor persisted permissions given to sites for access to microphone and camera resources even when in a third-party context. In light of recent high profile vulnerabilities in … | |||
| CVE-2019-12527 | high | — | 8.0 | 7y ago | RHSA-2019:2593: squid:4 security update (Important) | |||
| CVE-2019-11772 | high | — | 8.0 | 7y ago | RHSA-2019:2590: java-1.8.0-ibm security update (Important) | |||
| CVE-2019-14817 | high | — | 8.0 | 7y ago | RHSA-2019:2591: ghostscript security update (Important) | |||
| CVE-2019-14813 | high | — | 8.0 | 7y ago | RHSA-2019:2591: ghostscript security update (Important) | |||
| CVE-2019-14811 | high | — | 8.0 | 7y ago | RHSA-2019:2591: ghostscript security update (Important) | |||
| CVE-2019-14812 | high | — | 8.0 | 7y ago | RHSA-2019:2591: ghostscript security update (Important) | |||
| CVE-2019-11775 | high | — | 8.0 | 7y ago | RHSA-2019:2590: java-1.8.0-ibm security update (Important) | |||
| CVE-2019-1010238 | high | — | 8.0 | 7y ago | RHSA-2019:2582: pango security update (Important) | |||
| CVE-2019-0203 | high | — | 8.0 | 7y ago | RHSA-2019:2512: subversion:1.10 security update (Important) | |||
| CVE-2019-2687 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2797 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2780 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2795 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2784 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2757 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2686 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2685 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2683 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2681 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2796 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2778 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2785 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2625 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2636 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2630 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2774 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2688 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2789 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2635 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2695 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2801 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2802 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2803 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2644 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2811 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2626 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2814 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2800 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2969 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2624 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2634 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2752 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2879 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2808 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2812 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2631 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2436 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2810 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2826 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2798 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) | |||
| CVE-2019-2607 | high | — | 8.0 | 7y ago | RHSA-2019:2511: mysql:8.0 security update (Important) |