Vulnerabilities (CVE)

Filter

126746 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-0332 1 Sap 1 Businessobjects Business Intelligence 2019-08-19 4.3
SAP BusinessObjects Business Intelligence Platform (Info View), versions 4.1, 4.2, 4.3, allows an attacker to give some payload for keyword in the search and it will be executed while search performs its action, resulting in Cross-Site Scripting...
CVE-2019-1145 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-08-19 9.3
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1144, CVE-2019-1149,...
CVE-2019-1155 1 Microsoft 10 Office, Office 365 Proplus, Windows 10 and 7 more 2019-08-19 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1146, CVE-2019-1147,...
CVE-2019-1156 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-08-19 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1146, CVE-2019-1147,...
CVE-2019-1157 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-08-19 9.3
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1146, CVE-2019-1147,...
CVE-2019-1141 1 Microsoft 1 Edge 2019-08-19 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131,...
CVE-2019-1158 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-08-19 2.1
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1143, CVE-2019-1154.
CVE-2019-1140 1 Microsoft 1 Edge 2019-08-19 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131,...
CVE-2019-1159 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-08-19 7.2
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1164.
CVE-2019-14432 1 Loom 1 Loom 2019-08-19 6.8
Incorrect authentication of application WebSocket connections in Loom Desktop for Mac up to 0.16.0 allows remote code execution from either malicious JavaScript in a browser or hosts on the same network, during periods in which a user is...
CVE-2019-1139 1 Microsoft 1 Edge 2019-08-19 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131,...
CVE-2019-1131 1 Microsoft 1 Edge 2019-08-19 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1139,...
CVE-2019-15149 2019-08-19 N/A
** DISPUTED ** core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. The Ansible extension is unaffected. NOTE: the vendor disputes this...
CVE-2019-14743 1 Valvesoftware 1 Steam Client 2019-08-19 7.2
** DISPUTED ** In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wow6432Node\Valve\Steam has explicit "Full control" for the Users group, which allows local users to gain NT AUTHORITY\SYSTEM access. NOTE: the vendor disputes the...
CVE-2019-11208 1 Tibco 1 Api Exchange Gateway 2019-08-19 6.5
The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to...
CVE-2019-14433 1 Openstack 1 Nova 2019-08-19 4.0
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may...
CVE-2015-9316 1 Wpfastestcache 1 Wp Fastest Cache 2019-08-19 7.5
The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter.
CVE-2019-13069 2019-08-19 N/A
extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The attacker must replace SilverShield.config.sqlite with a version containing an additional user account, and then use SSH and...
CVE-2019-14937 2019-08-19 N/A
REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and...
CVE-2019-15132 2019-08-19 N/A
Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for...