Skip to main content
CVE-2019-0988 HIGH PATCH This Week

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Internet Explorer
NVD
CVSS 3.1
7.5
EPSS
5.7%
CVE-2019-0909 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2019-6582 HIGH PATCH This Week

A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siveillance VMS 2018 R2 (All versions < V12.2a), Siveillance. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Siveillance Video Management Software 2017 R2 Siveillance Video Management Software 2018 R1 Siveillance Video Management Software 2018 R2 Siveillance Video Management Software 2018 R3 +1
NVD
CVSS 3.1
7.1
EPSS
1.1%
CVE-2019-10925 HIGH This Week

A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Simatic Mv420 Firmware Simatic Mv440 Firmware
NVD
CVSS 3.1
7.1
EPSS
2.3%
CVE-2019-1041 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. Rated high severity (CVSS 7.0).

Microsoft RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.0
EPSS
1.0%
CVE-2019-1018 HIGH PATCH This Week

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. Rated high severity (CVSS 7.0).

RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.0
EPSS
0.9%
CVE-2019-1017 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. Rated high severity (CVSS 7.0).

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.0
EPSS
0.9%
CVE-2019-1014 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. Rated high severity (CVSS 7.0).

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.0
EPSS
0.9%
CVE-2019-0984 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.0
EPSS
0.9%
CVE-2019-0960 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. Rated high severity (CVSS 7.0).

Microsoft RCE Windows 7 Windows Server 2008
NVD
CVSS 3.1
7.0
EPSS
0.9%
CVE-2019-0308 MEDIUM This Month

An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP E Commerce
NVD
CVSS 3.0
6.8
EPSS
0.9%
CVE-2019-0713 MEDIUM PATCH This Month

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Denial Of Service Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.8
EPSS
1.9%
CVE-2019-0711 MEDIUM PATCH This Month

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Denial Of Service Microsoft Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
6.8
EPSS
1.9%
CVE-2019-0710 MEDIUM PATCH This Month

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Denial Of Service Microsoft Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
6.8
EPSS
1.9%
CVE-2019-1025 MEDIUM PATCH This Month

A denial of service vulnerability exists when Windows improperly handles objects in memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.5
EPSS
5.4%
CVE-2019-1023 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Chakracore Edge
NVD
CVSS 3.1
6.5
EPSS
5.4%
CVE-2019-0996 MEDIUM PATCH This Month

A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Microsoft CSRF Azure Devops Server
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2019-0990 MEDIUM PATCH This Month

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

RCE Microsoft Information Disclosure Chakracore Edge
NVD
CVSS 3.1
6.5
EPSS
5.4%
CVE-2019-0972 MEDIUM PATCH This Month

This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
6.5
EPSS
5.8%
CVE-2019-0307 LOW POC Monitor

Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user communication in the SAP Secure Storage file which is not encrypted. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure SAP Solution Manager
NVD GitHub
CVSS 3.0
2.4
EPSS
2.1%
CVE-2019-1043 MEDIUM PATCH This Month

A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable.

RCE Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
6.4
EPSS
3.0%
CVE-2019-1053 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.3
EPSS
1.3%
CVE-2019-0986 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. Rated medium severity (CVSS 6.3).

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.3
EPSS
2.0%
CVE-2019-0311 MEDIUM This Month

Automotive Dealer Portal in SAP R/3 Enterprise Application (versions: 600, 602, 603, 604, 605, 606, 616, 617) does not sufficiently encode user-controlled inputs, this makes it possible for an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP R 3 Enterprise
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-1029 MEDIUM PATCH This Month

A denial of service vulnerability exists in Skype for Business. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Lync Server
NVD
CVSS 3.0
5.9
EPSS
5.3%
CVE-2019-10150 MEDIUM This Month

It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 does not perform SSH Host Key checking when using ssh key authentication during builds. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Openshift Container Platform
NVD
CVSS 3.0
5.9
EPSS
1.4%
CVE-2019-0314 MEDIUM This Month

SAP Work Manager, versions: 6.3, 6.4, 6.5 and SAP Inventory Manager, version 4.3, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Work Manager Inventory Manager
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2019-6567 MEDIUM PATCH This Month

A vulnerability has been identified in SCALANCE X-200 switch family (incl. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Siemens Information Disclosure Scalance X 200 Firmware Scalance X 200Irt Firmware Scalance X 300 Firmware +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-1039 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2019-10157 MEDIUM PATCH This Month

It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout . Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Node.js Information Disclosure Keycloak Single Sign On
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2019-0968 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 7 Windows Server 2008
NVD
CVSS 3.1
5.5
EPSS
5.1%
CVE-2019-11269 MEDIUM POC PATCH This Month

Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Open Redirect Spring Security Oauth Banking Corporate Lending
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
8.9%
CVE-2019-3872 MEDIUM This Month

It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jboss Enterprise Application Platform Single Sign On
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2019-1036 MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Project Server Sharepoint Enterprise Server Sharepoint Foundation +1
NVD
CVSS 3.0
5.4
EPSS
1.7%
CVE-2019-1033 MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Project Server Sharepoint Enterprise Server Sharepoint Foundation +1
NVD
CVSS 3.0
5.4
EPSS
1.7%
CVE-2019-1032 MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.0
5.4
EPSS
1.7%
CVE-2019-1031 MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Project Server Sharepoint Enterprise Server Sharepoint Foundation +1
NVD
CVSS 3.0
5.4
EPSS
1.7%
CVE-2019-0312 MEDIUM This Month

Several web pages provided SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 and SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50) are not password. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Netweaver Process Integration
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2019-10926 MEDIUM This Month

A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Simatic Mv420 Firmware Simatic Mv440 Firmware
NVD
CVSS 3.0
5.3
EPSS
1.5%
CVE-2019-1044 MEDIUM PATCH This Month

A security feature bypass vulnerability exists when Windows Secure Kernel Mode fails to properly handle objects in memory. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 Windows Server 2019
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2019-1040 MEDIUM PATCH This Month

A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Microsoft Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.3
EPSS
48.0%
CVE-2019-1054 MEDIUM PATCH This Month

A security feature bypass vulnerability exists in Edge that allows for bypassing Mark of the Web Tagging (MOTW). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Microsoft Edge
NVD
CVSS 3.1
5.0
EPSS
1.6%
CVE-2019-3875 MEDIUM PATCH This Month

A vulnerability was found in keycloak before 6.0.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Keycloak Single Sign On
NVD
CVSS 3.0
4.8
EPSS
0.3%
CVE-2019-1050 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
4.7
EPSS
4.3%
CVE-2019-1049 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 7 Windows Server 2008
NVD
CVSS 3.1
4.7
EPSS
4.3%
CVE-2019-1048 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 7 Windows Server 2008
NVD
CVSS 3.1
4.7
EPSS
4.3%
CVE-2019-1047 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 7 Windows Server 2008
NVD
CVSS 3.1
4.7
EPSS
4.3%
CVE-2019-1046 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
4.7
EPSS
4.3%
CVE-2019-1016 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 7 Windows Server 2008
NVD
CVSS 3.1
4.7
EPSS
4.3%
CVE-2019-1015 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 7 Windows Server 2008 Windows Server 2012
NVD
CVSS 3.1
4.7
EPSS
4.3%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy