VYPR

CVEs

101,963 total · page 1604 of 2,040

  • CVE-2019-14422HigAug 15, 2019
    risk 0.62cvss 8.8epss 0.16

    An issue was discovered in in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A…

  • CVE-2019-13222HigAug 15, 2019
    risk 0.00cvss 7.1epss 0.01

    An out-of-bounds read of a global buffer in the draw_line function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file.

  • CVE-2019-13221HigAug 15, 2019
    risk 0.00cvss 7.8epss 0.01

    A stack buffer overflow in the compute_codewords function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.

  • CVE-2019-13220HigAug 15, 2019
    risk 0.00cvss 7.1epss 0.01

    Use of uninitialized stack variables in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or disclose sensitive information by opening a crafted Ogg Vorbis file.

  • CVE-2019-13217HigAug 15, 2019
    risk 0.00cvss 7.8epss 0.02

    A heap buffer overflow in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.

  • CVE-2019-12854HigAug 15, 2019
    risk 0.50cvss 7.5epss 0.12

    Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.

  • CVE-2019-14788HigAug 15, 2019
    risk 0.57cvss 8.8epss 0.04

    wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value.

  • CVE-2019-3417HigAug 15, 2019
    risk 0.57cvss 8.8epss 0.02

    All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Due to insufficient parameter validation check, an authorized user can exploit this vulnerability to take control of user router system.

  • CVE-2019-14755HigAug 15, 2019
    risk 0.57cvss 8.8epss 0.02

    The profile photo upload feature in Leaf Admin 61.9.0212.10 f allows Unrestricted Upload of a File with a Dangerous Type.

  • CVE-2019-15062HigAug 14, 2019
    risk 0.45cvss 8.0epss 0.01

    An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. (The protection mechanism for CSRF is…

  • CVE-2019-1258HigAug 14, 2019
    risk 0.58cvss 8.8epss 0.04

    An elevation of privilege vulnerability exists in Azure Active Directory Authentication Library On-Behalf-Of flow, in the way the library caches tokens. This vulnerability allows an authenticated attacker to perform actions in context of another user. The authenticated attacker…

  • CVE-2019-1229HigAug 14, 2019
    risk 0.57cvss 8.8epss 0.03

    An elevation of privilege vulnerability exists in Dynamics On-Premise v9. An attacker who successfully exploited the vulnerability could leverage a customizer privilege within Dynamics to gain control of the Web Role hosting the Dynamics installation. To exploit this…

  • CVE-2019-1225HigAug 14, 2019
    risk 0.50cvss 7.5epss 0.10

    An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an…

  • CVE-2019-1224HigAug 14, 2019
    risk 0.49cvss 7.5epss 0.08

    An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an…

  • CVE-2019-1223HigAug 14, 2019
    risk 0.49cvss 7.5epss 0.05

    A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to…

  • CVE-2019-1211HigAug 14, 2019
    risk 0.48cvss 7.3epss 0.02

    An elevation of privilege vulnerability exists in Git for Visual Studio when it improperly parses configuration files. An attacker who successfully exploited the vulnerability could execute code in the context of another local user. To exploit the vulnerability, an authenticated…

  • CVE-2019-1206HigAug 14, 2019
    risk 0.49cvss 7.5epss 0.05

    A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could cause the DHCP service to become nonresponsive. To exploit the…

  • CVE-2019-1201HigAug 14, 2019
    risk 0.51cvss 7.8epss 0.05

    A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.…

  • CVE-2019-1200HigAug 14, 2019
    risk 0.51cvss 7.8epss 0.05

    A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current…

  • CVE-2019-1199HigAug 14, 2019
    risk 0.51cvss 7.8epss 0.05

    A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on…

  • CVE-2019-1194HigAug 14, 2019
    risk 0.49cvss 7.5epss 0.03

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker…

  • CVE-2019-1190HigAug 14, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated…

  • CVE-2019-1188HigAug 14, 2019
    risk 0.49cvss 7.5epss 0.04

    A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured…

  • CVE-2019-1186HigAug 14, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could…

  • CVE-2019-1185HigAug 14, 2019
    risk 0.48cvss 7.3epss 0.01

    An elevation of privilege vulnerability exists due to a stack corruption in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could…

  • CVE-2019-1183HigAug 14, 2019
    risk 0.58cvss 8.8epss 0.05

    This information is being revised to indicate that this CVE (CVE-2019-1183) is fully mitigated by the security updates for the vulnerability discussed in CVE-2019-1194. No update is required.

  • CVE-2019-1180HigAug 14, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could…

  • CVE-2019-1179HigAug 14, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could…

  • CVE-2019-1178HigAug 14, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could…

  • CVE-2019-1177HigAug 14, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run…

  • CVE-2019-1176HigAug 14, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create…

  • CVE-2019-1175HigAug 14, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could…

  • CVE-2019-1174HigAug 14, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated…

  • CVE-2019-1173HigAug 14, 2019
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated…

  • CVE-2019-1170HigAug 14, 2019
    risk 0.55cvss 7.9epss 0.02

    An elevation of privilege vulnerability exists when reparse points are created by sandboxed processes allowing sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system. To exploit the…

  • CVE-2019-1169HigAug 14, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;…

  • CVE-2019-1168HigAug 14, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege exists in the p2pimsvc service where an attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then…

  • CVE-2019-1164HigAug 14, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete…

  • CVE-2019-1162HigAug 14, 2019
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then…

  • CVE-2019-1161HigAug 14, 2019
    risk 0.46cvss 7.1epss 0.01

    An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted command that could…

  • CVE-2019-1159HigAug 14, 2019
    risk 0.52cvss 7.8epss 0.12

    An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete…

  • CVE-2019-1157HigAug 14, 2019
    risk 0.51cvss 7.8epss 0.04

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by…

  • CVE-2019-1156HigAug 14, 2019
    risk 0.51cvss 7.8epss 0.04

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by…

  • CVE-2019-1155HigAug 14, 2019
    risk 0.51cvss 7.8epss 0.04

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by…

  • CVE-2019-1152HigAug 14, 2019
    risk 0.61cvss 8.8epss 0.13

    A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view,…

  • CVE-2019-1151HigAug 14, 2019
    risk 0.61cvss 8.8epss 0.15

    A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view,…

  • CVE-2019-1150HigAug 14, 2019
    risk 0.63cvss 8.8epss 0.29

    A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view,…

  • CVE-2019-1149HigAug 14, 2019
    risk 0.61cvss 8.8epss 0.14

    A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view,…

  • CVE-2019-1147HigAug 14, 2019
    risk 0.51cvss 7.8epss 0.04

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by…

  • CVE-2019-1146HigAug 14, 2019
    risk 0.51cvss 7.8epss 0.04

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by…