VYPR

CVEs

100,082 total · page 1616 of 2,002

  • CVE-2019-5425HigApr 10, 2019
    risk 0.57cvss 8.8epss 0.02

    In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated user can execute arbitrary shell commands over the SSH interface bypassing the CLI interface, which allow them to escalate privileges to root.

  • CVE-2019-5424HigApr 10, 2019
    risk 0.57cvss 8.8epss 0.02

    In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This allows to execute shell commands under the root user.

  • CVE-2019-6287HigApr 10, 2019
    risk 0.53cvss 8.1epss 0.01

    In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it.

  • CVE-2019-0199HigApr 10, 2019
    risk 0.55cvss 7.5epss 0.73

    The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that…

  • CVE-2018-20321HigApr 10, 2019
    risk 0.50cvss 8.8epss 0.02

    An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated…

  • CVE-2019-3842HigApr 9, 2019
    risk 0.49cvss 7.0epss 0.01

    In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be…

  • CVE-2019-0879HigApr 9, 2019
    risk 0.51cvss 7.8epss 0.10

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0877.

  • CVE-2019-0877HigApr 9, 2019
    risk 0.51cvss 7.8epss 0.05

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0851, CVE-2019-0879.

  • CVE-2019-0875HigApr 9, 2019
    risk 0.49cvss 7.5epss 0.03

    An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enforce project permissions, aka 'Azure DevOps Server Elevation of Privilege Vulnerability'.

  • CVE-2019-0862HigApr 9, 2019
    risk 0.50cvss 7.5epss 0.11

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0752, CVE-2019-0753.

  • CVE-2019-0861HigApr 9, 2019
    risk 0.43cvss 7.5epss 0.11

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0812,…

  • CVE-2019-0860HigApr 9, 2019
    risk 0.43cvss 7.5epss 0.11

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0812,…

  • CVE-2019-0859HigKEVApr 9, 2019
    risk 0.63cvss 7.8epss 0.04

    An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803.

  • CVE-2019-0856HigApr 9, 2019
    risk 0.48cvss 7.2epss 0.18

    A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'.

  • CVE-2019-0853HigApr 9, 2019
    risk 0.59cvss 8.8epss 0.28

    A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.

  • CVE-2019-0851HigApr 9, 2019
    risk 0.52cvss 7.8epss 0.16

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0877, CVE-2019-0879.

  • CVE-2019-0847HigApr 9, 2019
    risk 0.52cvss 7.8epss 0.16

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879.

  • CVE-2019-0846HigApr 9, 2019
    risk 0.52cvss 7.8epss 0.16

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0847, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879.

  • CVE-2019-0845HigApr 9, 2019
    risk 0.58cvss 8.8epss 0.15

    A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content, aka 'Windows IOleCvt Interface Remote Code Execution Vulnerability'.

  • CVE-2019-0842HigApr 9, 2019
    risk 0.59cvss 8.8epss 0.18

    A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'.

  • CVE-2019-0841HigKEVApr 9, 2019
    risk 0.75cvss 7.8epss 0.41

    An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.

  • CVE-2019-0838HigApr 9, 2019
    risk 0.51cvss 7.8epss 0.02

    An information disclosure vulnerability exists when Windows Task Scheduler improperly discloses credentials to Windows Credential Manager, aka 'Windows Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0839.

  • CVE-2019-0836HigApr 9, 2019
    risk 0.54cvss 7.8epss 0.04

    An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0841.

  • CVE-2019-0829HigApr 9, 2019
    risk 0.42cvss 7.5epss 0.09

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0812,…

  • CVE-2019-0828HigApr 9, 2019
    risk 0.52cvss 7.8epss 0.14

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

  • CVE-2019-0827HigApr 9, 2019
    risk 0.52cvss 7.8epss 0.11

    A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824,…

  • CVE-2019-0826HigApr 9, 2019
    risk 0.52cvss 7.8epss 0.11

    A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824,…

  • CVE-2019-0825HigApr 9, 2019
    risk 0.52cvss 7.8epss 0.11

    A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824,…

  • CVE-2019-0824HigApr 9, 2019
    risk 0.52cvss 7.8epss 0.11

    A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0825,…

  • CVE-2019-0823HigApr 9, 2019
    risk 0.52cvss 7.8epss 0.11

    A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0824, CVE-2019-0825,…

  • CVE-2019-0822HigApr 9, 2019
    risk 0.52cvss 7.8epss 0.14

    A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'.

  • CVE-2019-0815HigApr 9, 2019
    risk 0.49cvss 7.5epss 0.07

    A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.

  • CVE-2019-0812HigApr 9, 2019
    risk 0.43cvss 7.5epss 0.19

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0829,…

  • CVE-2019-0810HigApr 9, 2019
    risk 0.43cvss 7.5epss 0.12

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0812, CVE-2019-0829,…

  • CVE-2019-0806HigApr 9, 2019
    risk 0.42cvss 7.5epss 0.09

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0810, CVE-2019-0812, CVE-2019-0829,…

  • CVE-2019-0805HigApr 9, 2019
    risk 0.54cvss 7.8epss 0.03

    An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0836, CVE-2019-0841.

  • CVE-2019-0803HigKEVApr 9, 2019
    risk 0.69cvss 7.8epss 0.45

    An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0859.

  • CVE-2019-0801HigApr 9, 2019
    risk 0.52cvss 7.8epss 0.19

    A remote code execution vulnerability exists when Microsoft Office fails to properly handle certain files.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file that points to an Excel or PowerPoint file that was also…

  • CVE-2019-0795HigApr 9, 2019
    risk 0.59cvss 8.8epss 0.21

    A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0793.

  • CVE-2019-0794HigApr 9, 2019
    risk 0.58cvss 8.8epss 0.15

    A remote code execution vulnerability exists when OLE automation improperly handles objects in memory, aka 'OLE Automation Remote Code Execution Vulnerability'.

  • CVE-2019-0793HigApr 9, 2019
    risk 0.59cvss 8.8epss 0.17

    A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0792, CVE-2019-0795.

  • CVE-2019-0792HigApr 9, 2019
    risk 0.59cvss 8.8epss 0.17

    A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0791, CVE-2019-0793, CVE-2019-0795.

  • CVE-2019-0791HigApr 9, 2019
    risk 0.59cvss 8.8epss 0.17

    A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0790, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795.

  • CVE-2019-0790HigApr 9, 2019
    risk 0.58cvss 8.8epss 0.16

    A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0791, CVE-2019-0792, CVE-2019-0793, CVE-2019-0795.

  • CVE-2019-0753HigApr 9, 2019
    risk 0.49cvss 7.5epss 0.09

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0752, CVE-2019-0862.

  • CVE-2019-0752HigKEVApr 9, 2019
    risk 0.76cvss 7.5epss 0.82

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862.

  • CVE-2019-0739HigApr 9, 2019
    risk 0.50cvss 7.5epss 0.11

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0752, CVE-2019-0753, CVE-2019-0862.

  • CVE-2019-0735HigApr 9, 2019
    risk 0.54cvss 7.8epss 0.04

    An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory, aka 'Windows CSRSS Elevation of Privilege Vulnerability'.

  • CVE-2019-0732HigApr 9, 2019
    risk 0.54cvss 7.8epss 0.04

    A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Security Feature Bypass Vulnerability'.

  • CVE-2019-0731HigApr 9, 2019
    risk 0.54cvss 7.8epss 0.04

    An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841.