Critical
CVE-2004-2776
go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter.
Read moreUncategorized 2019
Page 1/22.
CVEs without a recognized CWE (not present in the CWE map or marked as N/A).
CVSS ≥ 0.0
2019-12-31
Critical
CVE-2019-7162
An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the pro…
Read more2019-12-30
High
CVE-2019-13465
An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. ROS_ASSERT_MSG only works when ROS_ASSERT_ENABLED is defined. This leads to a…
Read moreMedium
CVE-2019-4655
IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is vulnerable to a denial of service attack that would allow an authenticated user to reset client connections due to an error withi…
Read moreMedium
CVE-2019-15024
In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom…
Read more2019-12-27
Critical
CVE-2019-20049
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A remote unauthenticated attacker can chain a directory traversal (which helps to bypass authentication) with an insecure file upload…
Read more2019-12-26
High
CVE-2019-19996
An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} s…
Read moreHigh
CVE-2019-6026
Privilege escalation vulnerability in Multiple MOTEX products (LanScope Cat client program (MR) and LanScope Cat client program (MR)LanScope Cat detection agent (DA) prior to Ver.9.2.1.0, LanScope Ca…
Read moreMedium
CVE-2019-6023
Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining data without access privileges via the application 'Address'.
Read moreMedium
CVE-2019-6017
REMISE Payment Module (2.11, 2.12 and 2.13) version 3.0.12 and earlier allow remote attackers to [Disclosed_Information_type] via unspecified vectors.
Read moreMedium
CVE-2019-19980
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a privilege bypass flaw that allowed authenticated users (Subscriber or greater access) to send test emails from the administra…
Read more2019-12-25
Medium
CVE-2019-19963
An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-chann…
Read moreMedium
CVE-2019-19960
In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist side-channel attacks.
Read more2019-12-24
High
CVE-2019-5702
NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to…
Read more2019-12-23
Critical
CVE-2019-7488
Weak default password cause vulnerability in SonicWall Email Security appliance which leads to attacker gain access to appliance database. This vulnerability affected Email Security Appliance version…
Read moreMedium
CVE-2019-3430
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have an information disclosure vulnerability. Attackers could use this vulnerability to collect data information and damage the sy…
Read moreMedium
CVE-2019-6688
On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5 and BIG-IQ versions 6.0.0-6.1.0 and 5.2.0-5.4.0, a user is able to obtain the sec…
Read moreMedium
CVE-2019-6686
On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, the Traffic Management Microkernel (TMM) might stop responding after the total number of diameter connections and pe…
Read moreHigh
CVE-2019-6684
On versions 15.0.0-15.0.1.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, under certain conditions, a multi-bladed BIG-IP Virtual Clustered Multiprocessing (vCMP) may drop br…
Read moreHigh
CVE-2019-6680
On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5, while processing traffic through a standard virtual server that targets a FastL4 vir…
Read moreMedium
CVE-2019-5267
Huawei OceanStor SNS3096 V100R002C01 have an information disclosure vulnerability. Attackers with low privilege can exploit this vulnerability by performing some specific operations. Successful explo…
Read moreHigh
CVE-2019-5265
Huawei Share function in P30 9.1.0.193(C00E190R2P1) smartphone has an improper access control vulnerability. The function incorrectly controls certain access messages, attackers can simulate a sender…
Read moreHigh
CVE-2019-12418
When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration f…
Read moreMedium
CVE-2019-6678
On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, the TMM process may restart when the packet filter feature is enabled.
Read moreHigh
CVE-2019-6677
On BIG-IP versions 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, under certain conditions when using custom TCP congestion control settings in a TCP profile, TMM st…
Read moreHigh
CVE-2019-6676
On versions 15.0.0-15.0.1, 14.0.0-14.1.2.2, and 13.1.0-13.1.3.1, TMM may restart on BIG-IP Virtual Edition (VE) when using virtio direct descriptors and packets 2 KB or larger.
Read more2019-12-20
Medium
CVE-2019-19691
A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must…
Read more2019-12-19
High
CVE-2019-19234
In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to…
Read moreHigh
CVE-2019-19232
In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The so…
Read moreHigh
CVE-2019-18181
In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configl…
Read moreCritical
CVE-2019-16462
Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a buffe…
Read moreCritical
CVE-2019-16453
Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a secur…
Read moreCritical
CVE-2019-16444
Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a binar…
Read more2019-12-18
High
CVE-2019-17390
An issue was discovered in the Outlook add-in in Pronestor Planner before 8.1.77. There is local privilege escalation in the Health Monitor service because PronestorHealthMonitor.exe access control i…
Read moreMedium
CVE-2019-19788
Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service working inside a sandboxed iframe it is possible to bypass the normal sandb…
Read moreHigh
CVE-2019-11147
Insufficient access control in hardware abstraction driver for MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0, 14.0.10; TXEInfo software for Intel(R) T…
Read moreCritical
CVE-2019-11131
Logic issue in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
Read moreMedium
CVE-2019-11110
Authentication bypass in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileg…
Read moreMedium
CVE-2019-11109
Logic issue in the subsystem for Intel(R) SPS before versions SPS_E5_04.01.04.275.0, SPS_SoC-X_04.00.04.100.0 and SPS_SoC-A_04.00.04.191.0 may allow a privileged user to potentially enable denial of…
Read moreMedium
CVE-2019-11105
Logic issue in subsystem for Intel(R) CSME before versions 12.0.45, 13.0.10 and 14.0.10 may allow a privileged user to potentially enable escalation of privilege and information disclosure via local…
Read moreHigh
CVE-2019-1387
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that…
Read moreHigh
CVE-2019-19688
A privilege escalation vulnerability in Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited allowing an attacker to place a malicious DLL file into the application…
Read moreHigh
CVE-2019-11995
Security vulnerabilities in HPE UIoT version 1.2.4.2 could allow unauthorized remote access and access to sensitive data. HPE has addressed this issue in HPE UIoT: For customers with release UIoT 1.2…
Read moreCritical
CVE-2019-8849
The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1. A SwiftNIO application using TLS may be able to execute arbitrary code.
Read moreHigh
CVE-2019-8805
A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Catalina 10.15.1. An application…
Read moreMedium
CVE-2019-8793
A consistency issue existed in deciding when to show the screen recording indicator. The issue was resolved with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2. A local us…
Read moreLow
CVE-2019-8775
The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13.1 and iPadOS 13.1. A person with physical access to an iOS device may be able to access contac…
Read moreHigh
CVE-2019-8772
An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt. This issue is fixed in macOS Catalina 10.15. An attacker may be able to exfiltra…
Read moreMedium
CVE-2019-8770
The issue was addressed with improved permissions logic. This issue is fixed in macOS Catalina 10.15. A malicious application may be able to access recent documents.
Read moreMedium
CVE-2019-8769
An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafte…
Read moreLow
CVE-2019-8742
The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 13. A person with physical access to an iOS device may be able to access contacts from the lock s…
Read moreMedium
CVE-2019-8727
A logic issue was addressed with improved state management. This issue is fixed in iOS 13. Visiting a malicious website may lead to address bar spoofing.
Read moreMedium
CVE-2019-8725
The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private browsing history.
Read moreHigh
CVE-2019-8699
A logic issue existed in the handling of answering phone calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.4. The initiator of a phone call may be able to c…
Read moreMedium
CVE-2019-8667
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6. The encryption status of a Time Machine backup may be incorrect.
Read moreMedium
CVE-2019-8663
This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6. A remote attacker may be able to leak memory.
Read moreHigh
CVE-2019-8659
This issue was addressed with improved checks. This issue is fixed in watchOS 5.3. Users removed from an iMessage conversation may still be able to alter state.
Read moreLow
CVE-2019-8630
The issue was addressed with improved UI handling. This issue is fixed in iOS 12.3. The lock screen may show a locked icon after unlocking.
Read moreCritical
CVE-2019-8617
An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.3. A sandboxed process may be able to circumvent sandbox restrictions.
Read moreLow
CVE-2019-8599
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 12.3. A person with physical access to an iOS device may be able to see the email address used for iTunes.
Read moreHigh
CVE-2019-8590
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with kernel privileges.
Read moreMedium
CVE-2019-8589
This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.5. A malicious application may bypass Gatekeeper checks.
Read moreMedium
CVE-2019-8554
A permissions issue existed in the handling of motion and orientation data. This issue was addressed with improved restrictions. This issue is fixed in iOS 12.2. A website may be able to access senso…
Read moreMedium
CVE-2019-8546
An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A local user may be able to view sensitive user information.
Read moreLow
CVE-2019-8541
A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing. This issue is fixed in iOS 12.2, watchOS 5.2. A malicious app may be able to tra…
Read moreMedium
CVE-2019-8537
An access issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to view a user’s locked notes.
Read moreMedium
CVE-2019-8530
This issue was addressed with improved checks. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. A malicious application may be able to overwrite arbitrary files.
Read moreMedium
CVE-2019-8521
This issue was addressed with improved checks. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A malicious application may be able to overwrite arbitrary files.
Read moreHigh
CVE-2019-8514
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. An application may be able to gain elevated privileges.
Read moreMedium
CVE-2019-7284
This issue was addressed with improved checks. This issue is fixed in iOS 12.2. Processing a maliciously crafted mail message may lead to S/MIME signature spoofing.
Read moreHigh
CVE-2019-6239
This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Mojave 10.14.4. A malicious application may bypass Gatekeeper checks.
Read moreMedium
CVE-2019-6222
A consistency issue was addressed with improved state handling. This issue is fixed in iOS 12.2. A website may be able to access the microphone without the microphone use indicator being shown.
Read moreHigh
CVE-2019-2274
Improper Access Control for RPU write access from secure processor in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial…
Read moreMedium
CVE-2019-10482
Due to the use of non-time-constant comparison functions there is issue in timing side channels which can be used as a potential side channel for SUI corruption in Snapdragon Auto, Snapdragon Compute…
Read more2019-12-17
Medium
CVE-2019-17336
The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an…
Read moreMedium
CVE-2019-17335
The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an…
Read moreHigh
CVE-2019-19241
In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and n…
Read moreHigh
CVE-2019-18825
Barco ClickShare Huddle CS-100 devices before 1.9.0 and CSE-200 devices before 1.9.0 have incorrect Credentials Management. The ClickShare Base Unit implements encryption at rest using encryption key…
Read moreMedium
CVE-2019-19830
_core_/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database.
Read more2019-12-16
Medium
CVE-2019-12413
In Apache Incubator Superset before 0.31 user could query database metadata information from a database he has no access to, by using a specially crafted complex query.
Read moreMedium
CVE-2019-18579
Settings for the Dell XPS 13 2-in-1 (7390) BIOS versions prior to 1.1.3 contain a configuration vulnerability. The BIOS configuration for the "Enable Thunderbolt (and PCIe behind TBT) pre-boot module…
Read moreHigh
CVE-2019-14610
Improper access control in firmware for Intel(R) NUC(R) may allow an authenticated user to potentially enable escalation of privilege via local access.
Read moreMedium
CVE-2019-11157
Improper conditions check in voltage settings for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege and/or information disclosure via local access.
Read moreMedium
CVE-2019-11096
Insufficient memory protection for Intel(R) Ethernet I218 Adapter driver for Windows* 10 before version 24.1 may allow an authenticated user to potentially enable information disclosure via local acc…
Read moreHigh
CVE-2019-0159
Insufficient memory protection in the Linux Administrative Tools for Intel(R) Network Adapters before version 24.3 may allow an authenticated user to potentially enable escalation of privilege via lo…
Read moreMedium
CVE-2019-19743
On D-Link DIR-615 devices, a normal user is able to create a root(admin) user from the D-Link portal.
Read moreMedium
CVE-2019-4560
IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulnerable to a denial of service attack caused by channels processing poorly formatted messages. IBM X-Force ID: 166357.
Read more2019-12-13
High
CVE-2019-5277
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
Read moreMedium
CVE-2019-5264
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The softwa…
Read moreHigh
CVE-2019-19774
An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /event/runquery.do endpoint, it is possible to bypa…
Read moreMedium
CVE-2019-5290
Huawei S5700 and S6700 have a DoS security vulnerability. Attackers with certain permissions perform specific operations on affected devices. Because the pointer in the program is not processed prope…
Read moreHigh
CVE-2019-19397
There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by default. Attackers may exploit the vulnerability to cause information leaks.
Read moreHigh
CVE-2019-19501
VeraCrypt 1.24 allows Local Privilege Escalation during execution of VeraCryptExpander.exe.
Read moreCritical
CVE-2019-18802
An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat "header-value " as a different st…
Read moreHigh
CVE-2019-13347
An issue was discovered in the SAML Single Sign On (SSO) plugin for several Atlassian products affecting versions 3.1.0 through 3.2.2 for Jira and Confluence, versions 2.4.0 through 3.0.3 for Bitbuck…
Read more2019-12-12
High
CVE-2019-19771
The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have been installed by persons who mistyped the lodash package name. In particular, the Trojan horse finds and exfiltrates cryptocurren…
Read moreHigh
CVE-2019-18311
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending s…
Read moreHigh
CVE-2019-19248
Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 2 of 2).
Read moreHigh
CVE-2019-19247
Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 1 of 2).
Read moreHigh
CVE-2019-2338
Crafted image that has a valid signature from a non-QC entity can be loaded which can read/write memory that belongs to the secure world in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivit…
Read more2019-12-11
High
CVE-2019-17087
Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system runn…
Read moreMedium
CVE-2019-0402
SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under certain conditions exposes some sensitive information to the admin, leading to Information Disclosure.
Read moreMedium
CVE-2019-0399
SAP Portfolio and Project Management, before versions S4CORE 102, 103, EPPM 100 and CPRXRPM 500_702, 600_740, 610_740; unintentionally allows a user to discover accounting information of the Projects…
Read moreHigh
CVE-2019-19583
An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Please see XSA-260…
Read moreHigh
CVE-2019-18377
Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software applicatio…
Read moreMedium
CVE-2019-15009
The /json/profile/removeStarAjax.do resource in Atlassian Fisheye and Crucible before version 4.8.0 allows remote attackers to remove another user's favourite setting for a project via an improper au…
Read moreHigh
CVE-2019-19707
On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets.
Read more2019-12-10
Low
CVE-2019-1488
A security feature bypass vulnerability exists when Microsoft Defender improperly handles specific buffers, aka 'Microsoft Defender Security Feature Bypass Vulnerability'.
Read moreHigh
CVE-2019-1478
An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'.
Read moreHigh
CVE-2019-1477
An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vuln…
Read moreHigh
CVE-2019-1476
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique…
Read moreMedium
CVE-2019-1461
A denial of service vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory, aka 'Microsoft Word Denial of Service Vulnerability'.
Read moreHigh
CVE-2019-1458
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.
Read moreHigh
CVE-2019-1453
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Pr…
Read moreMedium
CVE-2019-13763
Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
Read moreMedium
CVE-2019-13761
Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Read moreMedium
CVE-2019-13759
Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Read moreMedium
CVE-2019-13758
Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Read moreMedium
CVE-2019-13757
Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Read moreMedium
CVE-2019-13756
Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Read more