Vulnerabilities (CVE)

71758 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-1179 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-08-19 4.6
An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1173, CVE-2019-1174, CVE-2019-1175, CVE-2019-1177,...
CVE-2019-1030 1 Microsoft 1 Edge 2019-08-19 4.3
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka 'Microsoft Edge Information Disclosure Vulnerability'.
CVE-2003-0841 2 Peoplesoft, Oracle 2 Peopletools, Peopletools 2019-08-19 5.0
The grid option in PeopleSoft 8.42 stores temporary .xls files in guessable directories under the web document root, which allows remote attackers to steal search results by directly accessing the files via a URL request.
CVE-2019-14312 1 Aptana 1 Jaxer 2019-08-19 4.0
Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI.
CVE-2017-18486 1 Jitbit 1 Helpdesk 2019-08-19 6.5
Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to...
CVE-2019-13417 1 Search-guard 1 Search Guard 2019-08-19 5.0
Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated.
CVE-2019-13418 1 Search-guard 1 Search Guard 2019-08-19 5.0
Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized.
CVE-2015-9307 1 Flippercode 1 Google Map 2019-08-19 6.8
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature.
CVE-2015-9308 1 Flippercode 1 Google Map 2019-08-19 6.8
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature.
CVE-2015-9309 1 Flippercode 1 Google Map 2019-08-19 6.8
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature.
CVE-2019-14516 1 Uidai 1 Maadhaar 2019-08-19 5.8
The mAadhaar application 1.2.7 for Android lacks SSL Certificate Validation, leading to man-in-the-middle attacks against requests for FAQs or Help.
CVE-2019-13420 1 Search-guard 1 Search Guard 2019-08-19 4.3
Search Guard versions before 21.0 had a timing side channel issue when using the internal user database.
CVE-2019-0332 1 Sap 1 Businessobjects Business Intelligence 2019-08-19 4.3
SAP BusinessObjects Business Intelligence Platform (Info View), versions 4.1, 4.2, 4.3, allows an attacker to give some payload for keyword in the search and it will be executed while search performs its action, resulting in Cross-Site Scripting...
CVE-2019-1159 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-08-19 7.2
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1164.
CVE-2019-14432 1 Loom 1 Loom 2019-08-19 6.8
Incorrect authentication of application WebSocket connections in Loom Desktop for Mac up to 0.16.0 allows remote code execution from either malicious JavaScript in a browser or hosts on the same network, during periods in which a user is...
CVE-2019-14743 1 Valvesoftware 1 Steam Client 2019-08-19 7.2
** DISPUTED ** In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wow6432Node\Valve\Steam has explicit "Full control" for the Users group, which allows local users to gain NT AUTHORITY\SYSTEM access. NOTE: the vendor disputes the...
CVE-2019-11208 1 Tibco 1 Api Exchange Gateway 2019-08-19 6.5
The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to...
CVE-2019-14433 1 Openstack 1 Nova 2019-08-19 4.0
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may...
CVE-2018-5712 3 Php, Canonical, Debian 3 Php, Ubuntu Linux, Debian Linux 2019-08-19 4.3
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.
CVE-2018-5711 3 Php, Canonical, Debian 3 Php, Ubuntu Linux, Debian Linux 2019-08-19 4.3
gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as...