CVE Daily
← All years

Uncategorized 2019

Page 22/22.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2019-01-08
Medium

CVE-2019-0569

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows…

CVSS: 5.5CWE: N/A
Read more
High

CVE-2019-0564

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique fr…

CVSS: 7.5CWE: CWE-19
Read more
Medium

CVE-2019-0562

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint…

CVSS: 5.4CWE: N/A
Read more
Medium

CVE-2019-0561

An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka "Microsoft Word Information Disclosure Vulnerability." This affects Microsoft Word, Office 36…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2019-0560

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Office…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2019-0559

An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 3…

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2019-0554

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2019-0553

An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory, aka "Windows Subsystem for Linux Information Disclosure Vulnerability." This affe…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2019-0549

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows…

CVSS: 5.5CWE: N/A
Read more
High

CVE-2019-0548

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.2, ASP.NET Core 2.1. This C…

CVSS: 7.5CWE: CWE-19
Read more
High

CVE-2019-0546

A remote code execution vulnerability exists in Visual Studio when the C++ compiler improperly handles specific combinations of C++ constructs, aka "Visual Studio Remote Code Execution Vulnerability.…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2019-0538

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka "Jet Database Engine Remote Code Execution Vulnerability." This affects Win…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2019-0537

An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file, aka "Microsoft Visual Studio Informatio…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2019-0536

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows…

CVSS: 5.5CWE: N/A
Read more
High

CVE-2019-0249

Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information which would otherwise be restricted.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2019-0248

Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted.

CVSS: 5.9CWE: N/A
Read more
High

CVE-2019-0241

SAP Work and Inventory Manager (Agentry_SDK , before 7.0, 7.1) allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2019-0240

SAP Business Objects Mobile for Android (before 6.3.5) application allows an attacker to provide malicious input in the form of a SAP BI link, preventing legitimate users from accessing the applicati…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2018-2499

A security weakness in SAP Financial Consolidation Cube Designer (BOBJ_EADES fixed in versions 8.0, 10.1) may allow an attacker to discover the password hash of an admin user.

CVSS: 7.5CWE: N/A
Read more
2019-01-04
Medium

CVE-2018-1859

IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with limited rights to escalate their privileges. IBM X-Force ID: 151258.

CVSS: 4.3CWE: N/A
Read more
2019-01-03
Medium

CVE-2018-15780

RSA Archer versions prior to 6.5.0.1 contain an improper access control vulnerability. A remote malicious user could potentially exploit this vulnerability to bypass authorization checks and gain rea…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2017-18330

Buffer overflow in AES-CCM and AES-GCM encryption via initialization vector in snapdragon automobile, snapdragon mobile and snapdragon wear in versions IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, M…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2017-18327

Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MD…

CVSS: 5.5CWE: CWE-310
Read more
Medium

CVE-2017-18323

Cryptographic key material leaked in TDSCDMA RRC debug messages in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9645, MDM9…

CVSS: 5.5CWE: CWE-320
Read more
Medium

CVE-2017-18319

Information leak in UIM API debug messages in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205…

CVSS: 5.5CWE: CWE-320
Read more
High

CVE-2017-18141

When a 3rd party TEE has been loaded it is possible for the non-secure world to create a secure monitor call which will give it access to privileged functions meant to only be accessible from the TEE…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2017-11004

A non-secure user may be able to access certain registers in snapdragon automobile, snapdragon mobile and snapdragon wear in versions IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU,…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2018-18893

Jinjava before 2.4.6 does not block the getClass method, related to com/hubspot/jinjava/el/ext/JinjavaBeanELResolver.java.

CVSS: 5.3CWE: N/A
Read more
2019-01-02
High

CVE-2018-17188

Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where CouchDB admin users could access the und…

CVSS: 7.2CWE: N/A
Read more
>