| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-1277 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2019 | An elevation of privilege vulnerability exists in Windows Audio Service when a malformed parameter is processed, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. | ||
| CVE-2019-1272 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2019 | An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC… | ||
| CVE-2019-1271 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2019 | An elevation of privilege exists in hdAudio.sys which may lead to an out of band write, aka 'Windows Media Elevation of Privilege Vulnerability'. | ||
| CVE-2019-1269 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2019 | An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC… | ||
| CVE-2019-1268 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2019 | An elevation of privilege exists when Winlogon does not properly handle file path information, aka 'Winlogon Elevation of Privilege Vulnerability'. | ||
| CVE-2019-1267 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2019 | An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks, aka 'Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability'. | ||
| CVE-2019-1265 | Hig | 0.49 | 7.5 | 0.03 | Sep 11, 2019 | A security feature bypass vulnerability exists when Microsoft Yammer App for Android fails to apply the correct Intune MAM Policy.This could allow an attacker to perform functions that are restricted by Intune Policy.The security update addresses the vulnerability by correcting… | ||
| CVE-2019-1264 | Hig | 0.51 | 7.8 | 0.04 | Sep 11, 2019 | A security feature bypass vulnerability exists when Microsoft Office improperly handles input, aka 'Microsoft Office Security Feature Bypass Vulnerability'. | ||
| CVE-2019-1261 | Hig | 0.57 | 8.8 | 0.02 | Sep 11, 2019 | A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a… | ||
| CVE-2019-1259 | Hig | 0.57 | 8.8 | 0.01 | Sep 11, 2019 | A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a… | ||
| CVE-2019-1257 | Hig | 0.58 | 8.8 | 0.12 | Sep 11, 2019 | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1295, CVE-2019-1296. | ||
| CVE-2019-1256 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2019 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1285. | ||
| CVE-2019-1253 | Hig | 0.73 | 7.8 | 0.12 | KEV | Sep 11, 2019 | An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID… | |
| CVE-2019-1250 | Hig | 0.52 | 7.8 | 0.19 | Sep 11, 2019 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243,… | ||
| CVE-2019-1249 | Hig | 0.52 | 7.8 | 0.12 | Sep 11, 2019 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243,… | ||
| CVE-2019-1248 | Hig | 0.52 | 7.8 | 0.12 | Sep 11, 2019 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243,… | ||
| CVE-2019-1247 | Hig | 0.52 | 7.8 | 0.12 | Sep 11, 2019 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243,… | ||
| CVE-2019-1246 | Hig | 0.52 | 7.8 | 0.13 | Sep 11, 2019 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243,… | ||
| CVE-2019-1243 | Hig | 0.52 | 7.8 | 0.19 | Sep 11, 2019 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1246,… | ||
| CVE-2019-1242 | Hig | 0.52 | 7.8 | 0.12 | Sep 11, 2019 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1243, CVE-2019-1246,… | ||
| CVE-2019-1241 | Hig | 0.52 | 7.8 | 0.17 | Sep 11, 2019 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246,… | ||
| CVE-2019-1240 | Hig | 0.52 | 7.8 | 0.12 | Sep 11, 2019 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246,… | ||
| CVE-2019-1237 | Hig | 0.42 | 7.5 | 0.09 | Sep 11, 2019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1298,… | ||
| CVE-2019-1236 | Hig | 0.49 | 7.5 | 0.08 | Sep 11, 2019 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1208. | ||
| CVE-2019-1235 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2019 | An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives, aka 'Windows Text Service Framework Elevation of Privilege Vulnerability'. | ||
| CVE-2019-1233 | Hig | 0.49 | 7.5 | 0.06 | Sep 11, 2019 | A denial of service vulnerability exists in Microsoft Exchange Server software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Denial of Service Vulnerability'. | ||
| CVE-2019-1232 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2019 | An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability'. | ||
| CVE-2019-1221 | Hig | 0.50 | 7.5 | 0.19 | Sep 11, 2019 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. | ||
| CVE-2019-1217 | Hig | 0.42 | 7.5 | 0.09 | Sep 11, 2019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1237, CVE-2019-1298,… | ||
| CVE-2019-1215 | Hig | 0.73 | 7.8 | 0.19 | KEV | Sep 11, 2019 | An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303. | |
| CVE-2019-1214 | Hig | 0.63 | 7.8 | 0.01 | KEV | Sep 11, 2019 | An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'. | |
| CVE-2019-1208 | Hig | 0.50 | 7.5 | 0.13 | Sep 11, 2019 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1236. | ||
| CVE-2019-1138 | Hig | 0.42 | 7.5 | 0.09 | Sep 11, 2019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1217, CVE-2019-1237, CVE-2019-1298,… | ||
| CVE-2019-16247 | Hig | 0.51 | 7.8 | 0.00 | Sep 11, 2019 | Delta DCISoft 1.21 has a User Mode Write AV starting at CommLib!CCommLib::SetSerializeData+0x000000000000001b. | ||
| CVE-2019-0788 | Hig | 0.58 | 8.8 | 0.12 | Sep 11, 2019 | A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-1290, CVE-2019-1291. | ||
| CVE-2019-0787 | Hig | 0.58 | 8.8 | 0.13 | Sep 11, 2019 | A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0788, CVE-2019-1290, CVE-2019-1291. | ||
| CVE-2019-13544 | Hig | 0.51 | 7.8 | 0.02 | Sep 11, 2019 | Delta Electronics TPEditor, Versions 1.94 and prior. Multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files, which may allow remote code execution. | ||
| CVE-2019-13540 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2019 | Delta Electronics TPEditor, Versions 1.94 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code. | ||
| CVE-2019-13536 | Hig | 0.51 | 7.8 | 0.01 | Sep 11, 2019 | Delta Electronics TPEditor, Versions 1.94 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code. | ||
| CVE-2019-3763 | Hig | 0.57 | 8.8 | 0.00 | Sep 11, 2019 | The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An… | ||
| CVE-2019-11769 | Hig | 0.51 | 7.8 | 0.00 | Sep 11, 2019 | An issue was discovered in TeamViewer 14.2.2558. Updating the product as a non-administrative user requires entering administrative credentials into the GUI. Subsequently, these credentials are processed in Teamviewer.exe, which allows any application running in the same… | ||
| CVE-2019-16237 | Hig | 0.42 | 7.5 | 0.01 | Sep 11, 2019 | Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala. | ||
| CVE-2019-16236 | Hig | 0.42 | 7.5 | 0.02 | Sep 11, 2019 | Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala. | ||
| CVE-2019-16235 | Hig | 0.42 | 7.5 | 0.01 | Sep 11, 2019 | Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala. | ||
| CVE-2019-11777 | — | Hig | 0.49 | 7.5 | 0.01 | Sep 11, 2019 | In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with… | |
| CVE-2019-16098 | Hig | 0.52 | 7.8 | 0.18 | Sep 11, 2019 | The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and… | ||
| CVE-2019-3644 | Hig | 0.49 | 7.5 | 0.02 | Sep 11, 2019 | McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies. | ||
| CVE-2019-16228 | — | Hig | 0.49 | 7.5 | 0.02 | Sep 11, 2019 | An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdb_env_open2 if mdb_env_read_header obtains a zero value for a certain size field. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker. | |
| CVE-2019-16226 | — | Hig | 0.49 | 7.5 | 0.02 | Sep 11, 2019 | An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node->mn_hi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker. | |
| CVE-2019-14724 | Hig | 0.49 | 7.5 | 0.04 | Sep 11, 2019 | In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account. |
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists in Windows Audio Service when a malformed parameter is processed, aka 'Windows Audio Service Elevation of Privilege Vulnerability'.
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC…
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege exists in hdAudio.sys which may lead to an out of band write, aka 'Windows Media Elevation of Privilege Vulnerability'.
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC…
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege exists when Winlogon does not properly handle file path information, aka 'Winlogon Elevation of Privilege Vulnerability'.
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks, aka 'Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability'.
- risk 0.49cvss 7.5epss 0.03
A security feature bypass vulnerability exists when Microsoft Yammer App for Android fails to apply the correct Intune MAM Policy.This could allow an attacker to perform functions that are restricted by Intune Policy.The security update addresses the vulnerability by correcting…
- risk 0.51cvss 7.8epss 0.04
A security feature bypass vulnerability exists when Microsoft Office improperly handles input, aka 'Microsoft Office Security Feature Bypass Vulnerability'.
- risk 0.57cvss 8.8epss 0.02
A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a…
- risk 0.57cvss 8.8epss 0.01
A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a…
- risk 0.58cvss 8.8epss 0.12
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1295, CVE-2019-1296.
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1285.
- risk 0.73cvss 7.8epss 0.12
An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID…
- risk 0.52cvss 7.8epss 0.19
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243,…
- risk 0.52cvss 7.8epss 0.12
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243,…
- risk 0.52cvss 7.8epss 0.12
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243,…
- risk 0.52cvss 7.8epss 0.12
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243,…
- risk 0.52cvss 7.8epss 0.13
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243,…
- risk 0.52cvss 7.8epss 0.19
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1246,…
- risk 0.52cvss 7.8epss 0.12
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1243, CVE-2019-1246,…
- risk 0.52cvss 7.8epss 0.17
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246,…
- risk 0.52cvss 7.8epss 0.12
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246,…
- risk 0.42cvss 7.5epss 0.09
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1298,…
- risk 0.49cvss 7.5epss 0.08
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1208.
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives, aka 'Windows Text Service Framework Elevation of Privilege Vulnerability'.
- risk 0.49cvss 7.5epss 0.06
A denial of service vulnerability exists in Microsoft Exchange Server software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Denial of Service Vulnerability'.
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability'.
- risk 0.50cvss 7.5epss 0.19
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'.
- risk 0.42cvss 7.5epss 0.09
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1237, CVE-2019-1298,…
- risk 0.73cvss 7.8epss 0.19
An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303.
- risk 0.63cvss 7.8epss 0.01
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.
- risk 0.50cvss 7.5epss 0.13
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1236.
- risk 0.42cvss 7.5epss 0.09
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1217, CVE-2019-1237, CVE-2019-1298,…
- risk 0.51cvss 7.8epss 0.00
Delta DCISoft 1.21 has a User Mode Write AV starting at CommLib!CCommLib::SetSerializeData+0x000000000000001b.
- risk 0.58cvss 8.8epss 0.12
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-1290, CVE-2019-1291.
- risk 0.58cvss 8.8epss 0.13
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0788, CVE-2019-1290, CVE-2019-1291.
- risk 0.51cvss 7.8epss 0.02
Delta Electronics TPEditor, Versions 1.94 and prior. Multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files, which may allow remote code execution.
- risk 0.51cvss 7.8epss 0.01
Delta Electronics TPEditor, Versions 1.94 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code.
- risk 0.51cvss 7.8epss 0.01
Delta Electronics TPEditor, Versions 1.94 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code.
- risk 0.57cvss 8.8epss 0.00
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An…
- risk 0.51cvss 7.8epss 0.00
An issue was discovered in TeamViewer 14.2.2558. Updating the product as a non-administrative user requires entering administrative credentials into the GUI. Subsequently, these credentials are processed in Teamviewer.exe, which allows any application running in the same…
- risk 0.42cvss 7.5epss 0.01
Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala.
- risk 0.42cvss 7.5epss 0.02
Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala.
- risk 0.42cvss 7.5epss 0.01
Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala.
- risk 0.49cvss 7.5epss 0.01
In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with…
- risk 0.52cvss 7.8epss 0.18
The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and…
- risk 0.49cvss 7.5epss 0.02
McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdb_env_open2 if mdb_env_read_header obtains a zero value for a certain size field. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node->mn_hi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
- risk 0.49cvss 7.5epss 0.04
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account.