VYPR

CVEs

101,963 total · page 1593 of 2,040

  • CVE-2019-1277HigSep 11, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists in Windows Audio Service when a malformed parameter is processed, aka 'Windows Audio Service Elevation of Privilege Vulnerability'.

  • CVE-2019-1272HigSep 11, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC…

  • CVE-2019-1271HigSep 11, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege exists in hdAudio.sys which may lead to an out of band write, aka 'Windows Media Elevation of Privilege Vulnerability'.

  • CVE-2019-1269HigSep 11, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC…

  • CVE-2019-1268HigSep 11, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege exists when Winlogon does not properly handle file path information, aka 'Winlogon Elevation of Privilege Vulnerability'.

  • CVE-2019-1267HigSep 11, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks, aka 'Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability'.

  • CVE-2019-1265HigSep 11, 2019
    risk 0.49cvss 7.5epss 0.03

    A security feature bypass vulnerability exists when Microsoft Yammer App for Android fails to apply the correct Intune MAM Policy.This could allow an attacker to perform functions that are restricted by Intune Policy.The security update addresses the vulnerability by correcting…

  • CVE-2019-1264HigSep 11, 2019
    risk 0.51cvss 7.8epss 0.04

    A security feature bypass vulnerability exists when Microsoft Office improperly handles input, aka 'Microsoft Office Security Feature Bypass Vulnerability'.

  • CVE-2019-1261HigSep 11, 2019
    risk 0.57cvss 8.8epss 0.02

    A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a…

  • CVE-2019-1259HigSep 11, 2019
    risk 0.57cvss 8.8epss 0.01

    A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a…

  • CVE-2019-1257HigSep 11, 2019
    risk 0.58cvss 8.8epss 0.12

    A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1295, CVE-2019-1296.

  • CVE-2019-1256HigSep 11, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1285.

  • CVE-2019-1253HigKEVSep 11, 2019
    risk 0.73cvss 7.8epss 0.12

    An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID…

  • CVE-2019-1250HigSep 11, 2019
    risk 0.52cvss 7.8epss 0.19

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243,…

  • CVE-2019-1249HigSep 11, 2019
    risk 0.52cvss 7.8epss 0.12

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243,…

  • CVE-2019-1248HigSep 11, 2019
    risk 0.52cvss 7.8epss 0.12

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243,…

  • CVE-2019-1247HigSep 11, 2019
    risk 0.52cvss 7.8epss 0.12

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243,…

  • CVE-2019-1246HigSep 11, 2019
    risk 0.52cvss 7.8epss 0.13

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243,…

  • CVE-2019-1243HigSep 11, 2019
    risk 0.52cvss 7.8epss 0.19

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1246,…

  • CVE-2019-1242HigSep 11, 2019
    risk 0.52cvss 7.8epss 0.12

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1243, CVE-2019-1246,…

  • CVE-2019-1241HigSep 11, 2019
    risk 0.52cvss 7.8epss 0.17

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246,…

  • CVE-2019-1240HigSep 11, 2019
    risk 0.52cvss 7.8epss 0.12

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246,…

  • CVE-2019-1237HigSep 11, 2019
    risk 0.42cvss 7.5epss 0.09

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1298,…

  • CVE-2019-1236HigSep 11, 2019
    risk 0.49cvss 7.5epss 0.08

    A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1208.

  • CVE-2019-1235HigSep 11, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives, aka 'Windows Text Service Framework Elevation of Privilege Vulnerability'.

  • CVE-2019-1233HigSep 11, 2019
    risk 0.49cvss 7.5epss 0.06

    A denial of service vulnerability exists in Microsoft Exchange Server software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Denial of Service Vulnerability'.

  • CVE-2019-1232HigSep 11, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability'.

  • CVE-2019-1221HigSep 11, 2019
    risk 0.50cvss 7.5epss 0.19

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'.

  • CVE-2019-1217HigSep 11, 2019
    risk 0.42cvss 7.5epss 0.09

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1237, CVE-2019-1298,…

  • CVE-2019-1215HigKEVSep 11, 2019
    risk 0.73cvss 7.8epss 0.19

    An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303.

  • CVE-2019-1214HigKEVSep 11, 2019
    risk 0.63cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'.

  • CVE-2019-1208HigSep 11, 2019
    risk 0.50cvss 7.5epss 0.13

    A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1236.

  • CVE-2019-1138HigSep 11, 2019
    risk 0.42cvss 7.5epss 0.09

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1217, CVE-2019-1237, CVE-2019-1298,…

  • CVE-2019-16247HigSep 11, 2019
    risk 0.51cvss 7.8epss 0.00

    Delta DCISoft 1.21 has a User Mode Write AV starting at CommLib!CCommLib::SetSerializeData+0x000000000000001b.

  • CVE-2019-0788HigSep 11, 2019
    risk 0.58cvss 8.8epss 0.12

    A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0787, CVE-2019-1290, CVE-2019-1291.

  • CVE-2019-0787HigSep 11, 2019
    risk 0.58cvss 8.8epss 0.13

    A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0788, CVE-2019-1290, CVE-2019-1291.

  • CVE-2019-13544HigSep 11, 2019
    risk 0.51cvss 7.8epss 0.02

    Delta Electronics TPEditor, Versions 1.94 and prior. Multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files, which may allow remote code execution.

  • CVE-2019-13540HigSep 11, 2019
    risk 0.51cvss 7.8epss 0.01

    Delta Electronics TPEditor, Versions 1.94 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code.

  • CVE-2019-13536HigSep 11, 2019
    risk 0.51cvss 7.8epss 0.01

    Delta Electronics TPEditor, Versions 1.94 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to remotely execute arbitrary code.

  • CVE-2019-3763HigSep 11, 2019
    risk 0.57cvss 8.8epss 0.00

    The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An…

  • CVE-2019-11769HigSep 11, 2019
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in TeamViewer 14.2.2558. Updating the product as a non-administrative user requires entering administrative credentials into the GUI. Subsequently, these credentials are processed in Teamviewer.exe, which allows any application running in the same…

  • CVE-2019-16237HigSep 11, 2019
    risk 0.42cvss 7.5epss 0.01

    Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala.

  • CVE-2019-16236HigSep 11, 2019
    risk 0.42cvss 7.5epss 0.02

    Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala.

  • CVE-2019-16235HigSep 11, 2019
    risk 0.42cvss 7.5epss 0.01

    Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala.

  • CVE-2019-11777HigSep 11, 2019
    risk 0.49cvss 7.5epss 0.01

    In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with…

  • CVE-2019-16098HigSep 11, 2019
    risk 0.52cvss 7.8epss 0.18

    The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and…

  • CVE-2019-3644HigSep 11, 2019
    risk 0.49cvss 7.5epss 0.02

    McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies.

  • CVE-2019-16228HigSep 11, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdb_env_open2 if mdb_env_read_header obtains a zero value for a certain size field. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.

  • CVE-2019-16226HigSep 11, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node->mn_hi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.

  • CVE-2019-14724HigSep 11, 2019
    risk 0.49cvss 7.5epss 0.04

    In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account.