| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-9483 | Hig | 0.49 | 7.5 | 0.03 | Oct 11, 2019 | The ThemeMakers Invento Responsive Gallery/Architecture Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the… | ||
| CVE-2015-9482 | Hig | 0.49 | 7.5 | 0.03 | Oct 11, 2019 | The ThemeMakers Car Dealer / Auto Dealer Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat… | ||
| CVE-2015-9481 | Hig | 0.49 | 7.5 | 0.03 | Oct 11, 2019 | The ThemeMakers Diplomat | Political theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | ||
| CVE-2019-17499 | Hig | 0.57 | 8.8 | 0.03 | Oct 11, 2019 | The setter.xml component of the Common Gateway Interface on Compal CH7465LG 6.12.18.25-2p4 devices does not properly validate ping command arguments, which allows remote authenticated users to execute OS commands as root via shell metacharacters in the Target_IP parameter. | ||
| CVE-2010-5335 | Hig | 0.49 | 7.5 | 0.03 | Oct 11, 2019 | IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can… | ||
| CVE-2010-5334 | Hig | 0.49 | 7.5 | 0.03 | Oct 11, 2019 | IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be… | ||
| CVE-2019-17490 | Hig | 0.57 | 8.8 | 0.01 | Oct 10, 2019 | app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge (aka jnoj) 0.8.0 allows arbitrary file upload, as demonstrated by PHP code (with a .php filename but the image/png content type) to the web/polygon/problem/tests URI. | ||
| CVE-2019-17386 | Hig | 0.57 | 8.8 | 0.01 | Oct 10, 2019 | The animate-it plugin before 2.3.6 for WordPress has CSRF in edsanimate.php. | ||
| CVE-2019-9534 | Hig | 0.51 | 7.8 | 0.00 | Oct 10, 2019 | The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware… | ||
| CVE-2019-9532 | Hig | 0.51 | 7.8 | 0.00 | Oct 10, 2019 | The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal. | ||
| CVE-2019-15051 | Hig | 0.57 | 8.8 | 0.03 | Oct 10, 2019 | An issue was discovered in Softing uaGate (SI, MB, 840D) firmware through 1.71.00.1225. A CGI script is vulnerable to command injection via a maliciously crafted form parameter. | ||
| CVE-2019-11528 | Hig | 0.49 | 7.5 | 0.01 | Oct 10, 2019 | An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable. | ||
| CVE-2019-11527 | Hig | 0.57 | 8.8 | 0.03 | Oct 10, 2019 | An issue was discovered in Softing uaGate SI 1.60.01. A CGI script is vulnerable to command injection with a maliciously crafted url parameter. | ||
| CVE-2019-5527 | Hig | 0.57 | 8.8 | 0.00 | Oct 10, 2019 | ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5. | ||
| CVE-2015-9480 | Hig | 0.50 | 7.5 | 0.13 | Oct 10, 2019 | The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter. | ||
| CVE-2015-9477 | Hig | 0.57 | 8.8 | 0.01 | Oct 10, 2019 | The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates. | ||
| CVE-2015-9476 | Hig | 0.57 | 8.8 | 0.01 | Oct 10, 2019 | The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates. | ||
| CVE-2015-9475 | Hig | 0.57 | 8.8 | 0.01 | Oct 10, 2019 | The Pont theme 1.5 for WordPress has insufficient restrictions on option updates. | ||
| CVE-2015-9474 | Hig | 0.57 | 8.8 | 0.01 | Oct 10, 2019 | The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates. | ||
| CVE-2015-9473 | Hig | 0.49 | 7.5 | 0.04 | Oct 10, 2019 | The estrutura-basica theme through 2015-09-13 for WordPress has directory traversal via the scripts/download.php arquivo parameter. | ||
| CVE-2015-9470 | Hig | 0.49 | 7.5 | 0.04 | Oct 10, 2019 | The history-collection plugin through 1.1.1 for WordPress has directory traversal via the download.php var parameter. | ||
| CVE-2015-9465 | Hig | 0.57 | 8.8 | 0.02 | Oct 10, 2019 | The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter. | ||
| CVE-2015-9463 | Hig | 0.49 | 7.5 | 0.04 | Oct 10, 2019 | The s3bubble-amazon-s3-audio-streaming plugin 2.0 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter. | ||
| CVE-2015-9464 | Hig | 0.49 | 7.5 | 0.04 | Oct 10, 2019 | The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter. | ||
| CVE-2015-9462 | Hig | 0.47 | 7.2 | 0.02 | Oct 10, 2019 | The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_category_page SQL injection via the cat_id parameter. | ||
| CVE-2015-9461 | Hig | 0.47 | 7.2 | 0.02 | Oct 10, 2019 | The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter. | ||
| CVE-2015-9460 | Hig | 0.57 | 8.8 | 0.02 | Oct 10, 2019 | The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter. | ||
| CVE-2015-9458 | Hig | 0.47 | 7.2 | 0.02 | Oct 10, 2019 | The searchterms-tagging-2 plugin through 1.535 for WordPress has SQL injection via the pk_stt2_db_get_popular_terms count parameter exploitable via CSRF. | ||
| CVE-2015-9457 | Hig | 0.47 | 7.2 | 0.02 | Oct 10, 2019 | The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter. | ||
| CVE-2019-1378 | Hig | 0.51 | 7.8 | 0.01 | Oct 10, 2019 | An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows 10 Update Assistant Elevation of Privilege Vulnerability'. | ||
| CVE-2019-1371 | Hig | 0.49 | 7.5 | 0.07 | Oct 10, 2019 | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. | ||
| CVE-2019-1366 | Hig | 0.43 | 7.5 | 0.10 | Oct 10, 2019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1335. | ||
| CVE-2019-1364 | Hig | 0.54 | 7.8 | 0.03 | Oct 10, 2019 | An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1362. | ||
| CVE-2019-1362 | Hig | 0.51 | 7.8 | 0.01 | Oct 10, 2019 | An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1364. | ||
| CVE-2019-1359 | Hig | 0.52 | 7.8 | 0.18 | Oct 10, 2019 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1358. | ||
| CVE-2019-1358 | Hig | 0.57 | 7.8 | 0.76 | Oct 10, 2019 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1359. | ||
| CVE-2019-1342 | Hig | 0.51 | 7.8 | 0.01 | Oct 10, 2019 | An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1339. | ||
| CVE-2019-1341 | Hig | 0.51 | 7.8 | 0.01 | Oct 10, 2019 | An elevation of privilege vulnerability exists when umpo.dll of the Power Service, improperly handles a Registry Restore Key function, aka 'Windows Power Service Elevation of Privilege Vulnerability'. | ||
| CVE-2019-1340 | Hig | 0.51 | 7.8 | 0.01 | Oct 10, 2019 | An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'.… | ||
| CVE-2019-1339 | Hig | 0.51 | 7.8 | 0.01 | Oct 10, 2019 | An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1342. | ||
| CVE-2019-1336 | Hig | 0.51 | 7.8 | 0.01 | Oct 10, 2019 | An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1323. | ||
| CVE-2019-1335 | Hig | 0.43 | 7.5 | 0.10 | Oct 10, 2019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1366. | ||
| CVE-2019-1333 | Hig | 0.58 | 8.8 | 0.15 | Oct 10, 2019 | A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. | ||
| CVE-2019-1331 | Hig | 0.59 | 8.8 | 0.18 | Oct 10, 2019 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1327. | ||
| CVE-2019-1327 | Hig | 0.58 | 8.8 | 0.13 | Oct 10, 2019 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1331. | ||
| CVE-2019-1326 | Hig | 0.49 | 7.5 | 0.06 | Oct 10, 2019 | A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'. | ||
| CVE-2019-1323 | Hig | 0.51 | 7.8 | 0.01 | Oct 10, 2019 | An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1336. | ||
| CVE-2019-1322 | Hig | 0.73 | 7.8 | 0.19 | KEV | Oct 10, 2019 | An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1340. | |
| CVE-2019-1321 | Hig | 0.51 | 7.8 | 0.01 | Oct 10, 2019 | An elevation of privilege vulnerability exists when Windows CloudStore improperly handles file Discretionary Access Control List (DACL), aka 'Microsoft Windows CloudStore Elevation of Privilege Vulnerability'. | ||
| CVE-2019-1320 | Hig | 0.51 | 7.8 | 0.01 | Oct 10, 2019 | An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1322, CVE-2019-1340. |
- risk 0.49cvss 7.5epss 0.03
The ThemeMakers Invento Responsive Gallery/Architecture Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the…
- risk 0.49cvss 7.5epss 0.03
The ThemeMakers Car Dealer / Auto Dealer Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat…
- risk 0.49cvss 7.5epss 0.03
The ThemeMakers Diplomat | Political theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI.
- risk 0.57cvss 8.8epss 0.03
The setter.xml component of the Common Gateway Interface on Compal CH7465LG 6.12.18.25-2p4 devices does not properly validate ping command arguments, which allows remote authenticated users to execute OS commands as root via shell metacharacters in the Target_IP parameter.
- risk 0.49cvss 7.5epss 0.03
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properly sanitised and can…
- risk 0.49cvss 7.5epss 0.03
IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised and can therefore be…
- risk 0.57cvss 8.8epss 0.01
app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge (aka jnoj) 0.8.0 allows arbitrary file upload, as demonstrated by PHP code (with a .php filename but the image/png content type) to the web/polygon/problem/tests URI.
- risk 0.57cvss 8.8epss 0.01
The animate-it plugin before 2.3.6 for WordPress has CSRF in edsanimate.php.
- risk 0.51cvss 7.8epss 0.00
The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware…
- risk 0.51cvss 7.8epss 0.00
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, sends the login password in cleartext. This could allow an unauthenticated, local attacker to intercept the password and gain access to the portal.
- risk 0.57cvss 8.8epss 0.03
An issue was discovered in Softing uaGate (SI, MB, 840D) firmware through 1.71.00.1225. A CGI script is vulnerable to command injection via a maliciously crafted form parameter.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable.
- risk 0.57cvss 8.8epss 0.03
An issue was discovered in Softing uaGate SI 1.60.01. A CGI script is vulnerable to command injection with a maliciously crafted url parameter.
- risk 0.57cvss 8.8epss 0.00
ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.
- risk 0.50cvss 7.5epss 0.13
The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter.
- risk 0.57cvss 8.8epss 0.01
The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates.
- risk 0.57cvss 8.8epss 0.01
The Teardrop theme 1.8.1 for WordPress has insufficient restrictions on option updates.
- risk 0.57cvss 8.8epss 0.01
The Pont theme 1.5 for WordPress has insufficient restrictions on option updates.
- risk 0.57cvss 8.8epss 0.01
The Simpolio theme 1.3.2 for WordPress has insufficient restrictions on option updates.
- risk 0.49cvss 7.5epss 0.04
The estrutura-basica theme through 2015-09-13 for WordPress has directory traversal via the scripts/download.php arquivo parameter.
- risk 0.49cvss 7.5epss 0.04
The history-collection plugin through 1.1.1 for WordPress has directory traversal via the download.php var parameter.
- risk 0.57cvss 8.8epss 0.02
The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter.
- risk 0.49cvss 7.5epss 0.04
The s3bubble-amazon-s3-audio-streaming plugin 2.0 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.
- risk 0.49cvss 7.5epss 0.04
The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.
- risk 0.47cvss 7.2epss 0.02
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_category_page SQL injection via the cat_id parameter.
- risk 0.47cvss 7.2epss 0.02
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter.
- risk 0.57cvss 8.8epss 0.02
The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter.
- risk 0.47cvss 7.2epss 0.02
The searchterms-tagging-2 plugin through 1.535 for WordPress has SQL injection via the pk_stt2_db_get_popular_terms count parameter exploitable via CSRF.
- risk 0.47cvss 7.2epss 0.02
The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter.
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists in Windows 10 Update Assistant in the way it handles permissions.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows 10 Update Assistant Elevation of Privilege Vulnerability'.
- risk 0.49cvss 7.5epss 0.07
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.
- risk 0.43cvss 7.5epss 0.10
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1335.
- risk 0.54cvss 7.8epss 0.03
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1362.
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1364.
- risk 0.52cvss 7.8epss 0.18
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1358.
- risk 0.57cvss 7.8epss 0.76
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1359.
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1339.
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists when umpo.dll of the Power Service, improperly handles a Registry Restore Key function, aka 'Windows Power Service Elevation of Privilege Vulnerability'.
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'.…
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1342.
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1323.
- risk 0.43cvss 7.5epss 0.10
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1366.
- risk 0.58cvss 8.8epss 0.15
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.
- risk 0.59cvss 8.8epss 0.18
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1327.
- risk 0.58cvss 8.8epss 0.13
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1331.
- risk 0.49cvss 7.5epss 0.06
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1336.
- risk 0.73cvss 7.8epss 0.19
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1340.
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists when Windows CloudStore improperly handles file Discretionary Access Control List (DACL), aka 'Microsoft Windows CloudStore Elevation of Privilege Vulnerability'.
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1322, CVE-2019-1340.