Vulnerabilities (CVE)

Filter

10493 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-2183 1 Google 1 Android 2019-10-16 2.1
In generateServicesMap of RegisteredServicesCache.java, there is a possible account protection bypass due to a caching optimization. This could lead to local information disclosure with no additional execution privileges needed. User interaction...
CVE-2019-2187 1 Google 1 Android 2019-10-16 2.1
In nfc_ncif_decode_rf_params of nfc_ncif.cc, there is a possible out of bounds read due to an integer underflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2015-1981 1 Ibm 1 Domino 2019-10-16 2.1
Cross-site scripting (XSS) vulnerability in the web server in IBM Domino 8.5.x before 8.5.3 FP6 IF8 and 9.x before 9.0.1 FP4, when Webmail is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka...
CVE-2019-1334 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2019-10-15 2.1
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1345.
CVE-2019-1337 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-10-15 2.1
An information disclosure vulnerability exists when Windows Update Client fails to properly handle objects in memory, aka 'Windows Update Client Information Disclosure Vulnerability'.
CVE-2019-1344 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-10-15 2.1
An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory, aka 'Windows Code Integrity Module Information Disclosure Vulnerability'.
CVE-2019-5507 1 Netapp 1 Snapmanager 2019-10-15 2.1
SnapManager for Oracle prior to version 3.4.2P1 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information.
CVE-2019-0381 1 Sap 3 Dynamic Tier, Sap Iq, Sql Anywhere 2019-10-15 2.1
A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user.
CVE-2019-3653 1 Mcafee 1 Endpoint Security 2019-10-15 2.1
Improper access control vulnerability in Configuration tool in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to gain access to security configuration via unauthorized use of the configuration tool.
CVE-2019-1368 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-10-15 2.1
A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'.
CVE-2019-1375 2019-10-15 3.5
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.
CVE-2018-16551 1 Lavalite 1 Lavalite 2019-10-15 3.5
LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit.
CVE-2016-10894 2 Xtrlock Project, Debian 2 Xtrlock, Debian Linux 2019-10-15 2.1
xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even...
CVE-2019-17263 1 Libfwsi Project 1 Libfwsi 2019-10-14 2.1
** DISPUTED ** In libyal libfwsi before 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers values less than 6, even though...
CVE-2019-1070 1 Microsoft 1 Sharepoint Enterprise Server 2019-10-11 3.5
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
CVE-2019-17417 1 Pbootcms 1 Pbootcms 2019-10-11 3.5
PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs.
CVE-2019-1363 1 Microsoft 2 Windows 7, Windows Server 2008 2019-10-11 2.1
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure...
CVE-2019-1328 1 Microsoft 2 Sharepoint Enterprise Server, Sharepoint Foundation 2019-10-11 3.5
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.
CVE-2019-1329 1 Microsoft 2 Sharepoint Enterprise Server, Sharepoint Foundation 2019-10-11 3.5
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE...
CVE-2019-1345 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-10-11 2.1
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1334.