| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-16293 | Hig | 0.50 | 8.8 | 0.02 | Sep 13, 2019 | The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field. | ||
| CVE-2019-13532 | Hig | 0.49 | 7.5 | 0.03 | Sep 13, 2019 | CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller. | ||
| CVE-2019-10937 | Hig | 0.49 | 7.5 | 0.01 | Sep 13, 2019 | A vulnerability has been identified in SIMATIC TDC CP51M1 (All versions < V1.1.7). An attacker with network access to the device could cause a Denial-of-Service condition by sending a specially crafted UDP packet. The vulnerability affects the UDP communication of the device.… | ||
| CVE-2019-16288 | Hig | 0.49 | 7.5 | 0.01 | Sep 13, 2019 | On Tenda N301 wireless routers, a long string in the wifiSSID parameter of a goform/setWifi POST request causes the device to crash. | ||
| CVE-2019-12516 | Hig | 0.57 | 8.8 | 0.02 | Sep 13, 2019 | The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injection by Subscriber users, as demonstrated by a /wp-admin/admin.php?page=slickquiz-scores&id= or /wp-admin/admin.php?page=slickquiz-edit&id= or /wp-admin/admin.php?page=slickquiz-preview&id= URI. | ||
| CVE-2016-10951 | Hig | 0.47 | 7.2 | 0.02 | Sep 13, 2019 | The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter. | ||
| CVE-2016-10950 | Hig | 0.57 | 8.8 | 0.02 | Sep 13, 2019 | The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter. | ||
| CVE-2016-10949 | Hig | 0.57 | 8.8 | 0.02 | Sep 13, 2019 | The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization. | ||
| CVE-2016-10948 | Hig | 0.53 | 8.1 | 0.02 | Sep 13, 2019 | The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect handling of data passed to the unserialize function. | ||
| CVE-2016-10947 | Hig | 0.47 | 7.2 | 0.02 | Sep 13, 2019 | The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin. | ||
| CVE-2016-10946 | Hig | 0.57 | 8.8 | 0.01 | Sep 13, 2019 | The wp-d3 plugin before 2.4.1 for WordPress has CSRF. | ||
| CVE-2019-16277 | Hig | 0.51 | 7.8 | 0.01 | Sep 13, 2019 | PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/string.c when called from ExpressionParseFunctionCall in expression.c. | ||
| CVE-2017-18614 | Hig | 0.53 | 8.1 | 0.02 | Sep 13, 2019 | The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter. | ||
| CVE-2016-10945 | Hig | 0.57 | 8.8 | 0.01 | Sep 13, 2019 | The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF. | ||
| CVE-2016-10944 | Hig | 0.57 | 8.8 | 0.01 | Sep 13, 2019 | The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF. | ||
| CVE-2016-10943 | Hig | 0.47 | 7.2 | 0.02 | Sep 13, 2019 | The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter. | ||
| CVE-2016-10940 | Hig | 0.47 | 7.2 | 0.06 | Sep 13, 2019 | The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter. | ||
| CVE-2016-10939 | Hig | 0.47 | 7.2 | 0.02 | Sep 13, 2019 | The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter. | ||
| CVE-2019-13534 | Hig | 0.47 | 7.2 | 0.01 | Sep 12, 2019 | Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by… | ||
| CVE-2019-13530 | Hig | 0.47 | 7.2 | 0.01 | Sep 12, 2019 | Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by… | ||
| CVE-2019-8076 | Hig | 0.51 | 7.8 | 0.04 | Sep 12, 2019 | Adobe application manager installer version 10.0 have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user. | ||
| CVE-2019-11899 | Hig | 0.49 | 7.5 | 0.01 | Sep 12, 2019 | An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. With Bosch Access Professional Edition (APE) 3.8, client installations need to be authorized by the APE administrator. | ||
| CVE-2019-11774 | Hig | 0.48 | 7.4 | 0.01 | Sep 12, 2019 | Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that… | ||
| CVE-2019-11773 | Hig | 0.51 | 7.8 | 0.00 | Sep 12, 2019 | Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users. | ||
| CVE-2019-6007 | Hig | 0.57 | 8.8 | 0.02 | Sep 12, 2019 | Integer overflow vulnerability in apng-drawable 1.0.0 to 1.6.0 allows an attacker to cause a denial of service (DoS) condition or execute arbitrary code via unspecified vectors. | ||
| CVE-2019-5996 | Hig | 0.57 | 8.8 | 0.02 | Sep 12, 2019 | SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | ||
| CVE-2019-5993 | Hig | 0.57 | 8.8 | 0.01 | Sep 12, 2019 | Cross-site request forgery (CSRF) vulnerability in Category Specific RSS feed Subscription version v2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | ||
| CVE-2019-5992 | Hig | 0.57 | 8.8 | 0.01 | Sep 12, 2019 | Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | ||
| CVE-2019-5991 | Hig | 0.49 | 7.6 | 0.01 | Sep 12, 2019 | SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | ||
| CVE-2019-5986 | Hig | 0.57 | 8.8 | 0.01 | Sep 12, 2019 | Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI… | ||
| CVE-2019-3638 | Hig | 0.53 | 8.1 | 0.02 | Sep 12, 2019 | Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to… | ||
| CVE-2019-10392 | Hig | 0.52 | 8.8 | 0.26 | Sep 12, 2019 | Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection. | ||
| CVE-2019-16250 | Hig | 0.49 | 7.5 | 0.01 | Sep 11, 2019 | includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for WordPress allows unauthenticated options changes and injection of a Cascading Style Sheets (CSS) token sequence. | ||
| CVE-2019-5055 | Hig | 0.49 | 7.5 | 0.02 | Sep 11, 2019 | An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in an invalid sequence to the <WFAWLANConfig:1#PutMessage> service can cause a… | ||
| CVE-2019-5054 | Hig | 0.49 | 7.5 | 0.03 | Sep 11, 2019 | An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null… | ||
| CVE-2019-1303 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2019 | An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID… | ||
| CVE-2019-1302 | Hig | 0.58 | 8.8 | 0.05 | Sep 11, 2019 | An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'. | ||
| CVE-2019-1301 | Hig | 0.49 | 7.5 | 0.05 | Sep 11, 2019 | A denial of service vulnerability exists when .NET Core improperly handles web requests, aka '.NET Core Denial of Service Vulnerability'. | ||
| CVE-2019-1300 | Hig | 0.42 | 7.5 | 0.09 | Sep 11, 2019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237,… | ||
| CVE-2019-1298 | Hig | 0.42 | 7.5 | 0.09 | Sep 11, 2019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237,… | ||
| CVE-2019-1297 | Hig | 0.71 | 8.8 | 0.22 | KEV | Sep 11, 2019 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. | |
| CVE-2019-1296 | Hig | 0.58 | 8.8 | 0.08 | Sep 11, 2019 | A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295. | ||
| CVE-2019-1295 | Hig | 0.58 | 8.8 | 0.08 | Sep 11, 2019 | A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1296. | ||
| CVE-2019-1291 | Hig | 0.58 | 8.8 | 0.12 | Sep 11, 2019 | A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-0788, CVE-2019-1290. | ||
| CVE-2019-1290 | Hig | 0.58 | 8.8 | 0.12 | Sep 11, 2019 | A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-0788, CVE-2019-1291. | ||
| CVE-2019-1287 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2019 | An elevation of privilege vulnerability exists in the way that the Windows Network Connectivity Assistant handles objects in memory, aka 'Windows Network Connectivity Assistant Elevation of Privilege Vulnerability'. | ||
| CVE-2019-1285 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2019 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1256. | ||
| CVE-2019-1284 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2019 | An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. | ||
| CVE-2019-1280 | Hig | 0.52 | 7.8 | 0.19 | Sep 11, 2019 | A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution… | ||
| CVE-2019-1278 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2019 | An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1253, CVE-2019-1303. |
- risk 0.50cvss 8.8epss 0.02
The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field.
- risk 0.49cvss 7.5epss 0.03
CODESYS V3 web server, all versions prior to 3.5.14.10, allows an attacker to send specially crafted http or https requests which may allow access to files outside the restricted working directory of the controller.
- risk 0.49cvss 7.5epss 0.01
A vulnerability has been identified in SIMATIC TDC CP51M1 (All versions < V1.1.7). An attacker with network access to the device could cause a Denial-of-Service condition by sending a specially crafted UDP packet. The vulnerability affects the UDP communication of the device.…
- risk 0.49cvss 7.5epss 0.01
On Tenda N301 wireless routers, a long string in the wifiSSID parameter of a goform/setWifi POST request causes the device to crash.
- risk 0.57cvss 8.8epss 0.02
The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injection by Subscriber users, as demonstrated by a /wp-admin/admin.php?page=slickquiz-scores&id= or /wp-admin/admin.php?page=slickquiz-edit&id= or /wp-admin/admin.php?page=slickquiz-preview&id= URI.
- risk 0.47cvss 7.2epss 0.02
The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter.
- risk 0.57cvss 8.8epss 0.02
The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter.
- risk 0.57cvss 8.8epss 0.02
The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization.
- risk 0.53cvss 8.1epss 0.02
The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect handling of data passed to the unserialize function.
- risk 0.47cvss 7.2epss 0.02
The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin.
- risk 0.57cvss 8.8epss 0.01
The wp-d3 plugin before 2.4.1 for WordPress has CSRF.
- risk 0.51cvss 7.8epss 0.01
PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/string.c when called from ExpressionParseFunctionCall in expression.c.
- risk 0.53cvss 8.1epss 0.02
The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter.
- risk 0.57cvss 8.8epss 0.01
The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF.
- risk 0.57cvss 8.8epss 0.01
The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF.
- risk 0.47cvss 7.2epss 0.02
The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter.
- risk 0.47cvss 7.2epss 0.06
The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter.
- risk 0.47cvss 7.2epss 0.02
The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter.
- risk 0.47cvss 7.2epss 0.01
Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by…
- risk 0.47cvss 7.2epss 0.01
Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by…
- risk 0.51cvss 7.8epss 0.04
Adobe application manager installer version 10.0 have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
- risk 0.49cvss 7.5epss 0.01
An unauthenticated attacker can achieve unauthorized access to sensitive data by exploiting Windows SMB protocol on a client installation. With Bosch Access Professional Edition (APE) 3.8, client installations need to be authorized by the APE administrator.
- risk 0.48cvss 7.4epss 0.01
Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that…
- risk 0.51cvss 7.8epss 0.00
Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
- risk 0.57cvss 8.8epss 0.02
Integer overflow vulnerability in apng-drawable 1.0.0 to 1.6.0 allows an attacker to cause a denial of service (DoS) condition or execute arbitrary code via unspecified vectors.
- risk 0.57cvss 8.8epss 0.02
SQL injection vulnerability in the Video Insight VMS 7.3.2.5 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
- risk 0.57cvss 8.8epss 0.01
Cross-site request forgery (CSRF) vulnerability in Category Specific RSS feed Subscription version v2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
- risk 0.57cvss 8.8epss 0.01
Cross-site request forgery (CSRF) vulnerability in WordPress Ultra Simple Paypal Shopping Cart v4.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
- risk 0.49cvss 7.6epss 0.01
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
- risk 0.57cvss 8.8epss 0.01
Cross-site request forgery (CSRF) vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI…
- risk 0.53cvss 8.1epss 0.02
Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to…
- risk 0.52cvss 8.8epss 0.26
Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.
- risk 0.49cvss 7.5epss 0.01
includes/wizard/wizard.php in the Ocean Extra plugin through 1.5.8 for WordPress allows unauthenticated options changes and injection of a Cascading Style Sheets (CSS) token sequence.
- risk 0.49cvss 7.5epss 0.02
An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in an invalid sequence to the <WFAWLANConfig:1#PutMessage> service can cause a…
- risk 0.49cvss 7.5epss 0.03
An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null…
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID…
- risk 0.58cvss 8.8epss 0.05
An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'.
- risk 0.49cvss 7.5epss 0.05
A denial of service vulnerability exists when .NET Core improperly handles web requests, aka '.NET Core Denial of Service Vulnerability'.
- risk 0.42cvss 7.5epss 0.09
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237,…
- risk 0.42cvss 7.5epss 0.09
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237,…
- risk 0.71cvss 8.8epss 0.22
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
- risk 0.58cvss 8.8epss 0.08
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295.
- risk 0.58cvss 8.8epss 0.08
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1296.
- risk 0.58cvss 8.8epss 0.12
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-0788, CVE-2019-1290.
- risk 0.58cvss 8.8epss 0.12
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-0788, CVE-2019-1291.
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists in the way that the Windows Network Connectivity Assistant handles objects in memory, aka 'Windows Network Connectivity Assistant Elevation of Privilege Vulnerability'.
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1256.
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.
- risk 0.52cvss 7.8epss 0.19
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution…
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1253, CVE-2019-1303.