Skip to main content
CVE-2019-0351 HIGH This Week

A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SAP Netweaver
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2019-0343 HIGH This Week

SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allows an authenticated Backoffice/HMC user to inject code that can be executed by the application,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE SAP Commerce Cloud
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2019-0341 HIGH This Week

The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Enable Now
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2019-9506 HIGH This Week

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Android Iphone Os Mac Os X Tvos +143
NVD
CVSS 3.1
8.1
EPSS
2.7%
CVE-2019-10201 HIGH PATCH This Week

It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Keycloak Single Sign On
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2019-0720 HIGH PATCH This Week

A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.1
8.0
EPSS
3.8%
CVE-2019-1201 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office Office 365 Proplus Office Online Server +5
NVD
CVSS 3.0
7.8
EPSS
4.9%
CVE-2019-1200 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office Office 365 Proplus Outlook
NVD
CVSS 3.0
7.8
EPSS
4.6%
CVE-2019-1199 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Office +1
NVD
CVSS 3.0
7.8
EPSS
4.6%
CVE-2019-1190 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2019-1169 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft RCE Windows 7 Windows Server 2008
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2019-1168 HIGH PATCH This Week

An elevation of privilege exists in the p2pimsvc service where an attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2019-1164 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-1162 HIGH PATCH This Week

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft RCE Windows 10 Windows 7 +6
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-1159 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
11.7%
CVE-2019-1157 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection Microsoft RCE Windows 10 Windows 7 +6
NVD
CVSS 3.1
7.8
EPSS
4.5%
CVE-2019-1156 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
4.3%
CVE-2019-1155 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office Office 365 Proplus Windows 10 +7
NVD
CVSS 3.1
7.8
EPSS
4.3%
CVE-2019-1147 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
4.3%
CVE-2019-1146 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.8
EPSS
4.5%
CVE-2019-8062 HIGH This Week

Adobe After Effects versions 16 and earlier have an insecure library loading (dll hijacking) vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Adobe After Effects
NVD
CVSS 3.1
7.8
EPSS
3.2%
CVE-2019-7961 HIGH This Week

Adobe Prelude CC versions 8.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Prelude Cc
NVD
CVSS 3.0
7.8
EPSS
3.0%
CVE-2019-7931 HIGH This Week

Adobe Premiere Pro CC versions 13.1.2 and earlier have an insecure library loading (dll hijacking) vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Premiere Pro Cc
NVD
CVSS 3.0
7.8
EPSS
3.1%
CVE-2019-7870 HIGH This Week

Adobe Character Animator versions 2.1 and earlier have an insecure library loading (dll hijacking) vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Character Animator
NVD
CVSS 3.0
7.8
EPSS
3.8%
CVE-2019-0965 HIGH PATCH This Week

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. Rated high severity (CVSS 7.6).

Microsoft RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.6
EPSS
1.3%
CVE-2019-1225 HIGH PATCH This Week

An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.5
EPSS
9.5%
CVE-2019-1224 HIGH PATCH This Week

An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.5
EPSS
7.6%
CVE-2019-1223 HIGH PATCH This Week

A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.5
EPSS
5.2%
CVE-2019-1206 HIGH PATCH This Week

A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption Windows Server 2012 Windows Server 2016 +1
NVD
CVSS 3.1
7.5
EPSS
5.3%
CVE-2019-1194 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Internet Explorer
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2019-1188 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Microsoft RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2019-1133 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Internet Explorer
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-1057 HIGH PATCH This Week

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Microsoft RCE Windows 10 Windows 7 +6
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2019-1211 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Git for Visual Studio when it improperly parses configuration files. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Information Disclosure Visual Studio 2017 Visual Studio 2019
NVD
CVSS 3.0
7.3
EPSS
1.7%
CVE-2019-1185 HIGH PATCH This Week

An elevation of privilege vulnerability exists due to a stack corruption in Windows Subsystem for Linux. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Buffer Overflow Stack Overflow Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.1
7.3
EPSS
1.1%
CVE-2019-0349 HIGH This Week

SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Advanced Business Application Programming Platform Kernel
NVD
CVSS 3.0
7.2
EPSS
1.2%
CVE-2019-1161 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Windows Defender Forefront Endpoint Protection 2010 Security Essentials System Center Endpoint Protection
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2019-3639 HIGH This Week

Clickjack vulnerability in Adminstrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Web Gateway
NVD
CVSS 3.0
7.1
EPSS
1.2%
CVE-2019-1186 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. Rated high severity (CVSS 7.0).

Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.0
EPSS
0.7%
CVE-2019-1180 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. Rated high severity (CVSS 7.0).

Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 Windows Server 2012 +2
NVD
CVSS 3.1
7.0
EPSS
0.8%
CVE-2019-1179 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. Rated high severity (CVSS 7.0).

Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.0
EPSS
0.8%
CVE-2019-1178 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that the ssdpsrv.dll handles objects in memory. Rated high severity (CVSS 7.0).

Information Disclosure Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
7.0
EPSS
0.8%
CVE-2019-1177 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that the rpcss.dll handles objects in memory. Rated high severity (CVSS 7.0). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
7.0
EPSS
0.7%
CVE-2019-1176 HIGH PATCH This Week

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory. Rated high severity (CVSS 7.0).

RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.0
EPSS
0.8%
CVE-2019-1175 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. Rated high severity (CVSS 7.0). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.0
EPSS
0.7%
CVE-2019-1174 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. Rated high severity (CVSS 7.0).

Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.0
EPSS
0.7%
CVE-2019-1173 HIGH PATCH This Week

An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. Rated high severity (CVSS 7.0).

Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.0
EPSS
0.7%
CVE-2019-1184 MEDIUM POC PATCH THREAT This Month

An elevation of privilege vulnerability exists when Windows Core Shell COM Server Registrar improperly handles COM calls. Rated medium severity (CVSS 6.7).

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD Exploit-DB
CVSS 3.1
6.7
EPSS
70.2%
CVE-2019-3637 MEDIUM This Month

Privilege Escalation vulnerability in McAfee FRP 5.x prior to 5.1.0.209 allows local users to gain elevated privileges via running McAfee Tray with elevated privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation File And Removable Media Protection
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2019-1198 MEDIUM PATCH This Month

An elevation of privilege exists in SyncController.dll. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

RCE Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.5
EPSS
1.9%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy