Vulnerabilities (CVE)

Filter

126751 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-1179 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-08-19 4.6
An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1173, CVE-2019-1174, CVE-2019-1175, CVE-2019-1177,...
CVE-2015-5122 4 Adobe, Opensuse, Redhat and 1 more 8 Flash Player, Evergreen, Enterprise Linux Desktop and 5 more 2019-08-19 10.0
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux,...
CVE-2019-1030 1 Microsoft 1 Edge 2019-08-19 4.3
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka 'Microsoft Edge Information Disclosure Vulnerability'.
CVE-2003-0841 2 Peoplesoft, Oracle 2 Peopletools, Peopletools 2019-08-19 5.0
The grid option in PeopleSoft 8.42 stores temporary .xls files in guessable directories under the web document root, which allows remote attackers to steal search results by directly accessing the files via a URL request.
CVE-2019-14312 1 Aptana 1 Jaxer 2019-08-19 4.0
Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI.
CVE-2017-18486 1 Jitbit 1 Helpdesk 2019-08-19 6.5
Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to...
CVE-2019-13417 1 Search-guard 1 Search Guard 2019-08-19 5.0
Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated.
CVE-2019-13418 1 Search-guard 1 Search Guard 2019-08-19 5.0
Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized.
CVE-2019-6171 2019-08-19 N/A
A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware.
CVE-2019-6165 2019-08-19 N/A
A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. Lenovo has ended support for PaperDisplay Hotkey software as the Night light feature introduced in Windows 10...
CVE-2019-6159 2019-08-19 N/A
A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthenticated user to cause...
CVE-2019-5631 2019-08-19 N/A
The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerability in the 'prunsrv.exe' component of the product. If exploited, a local user of the system (who must already be authenticated to the operating system) can elevate their...
CVE-2019-11276 2019-08-19 N/A
Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.16, 2.4.x prior to 2.4.12, 2.5.x prior to 2.5.8, and 2.6.x prior to 2.6.3, makes a request to the /cloudapplication endpoint via Spring actuator, and...
CVE-2015-9307 1 Flippercode 1 Google Map 2019-08-19 6.8
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature.
CVE-2015-9308 1 Flippercode 1 Google Map 2019-08-19 6.8
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature.
CVE-2015-9309 1 Flippercode 1 Google Map 2019-08-19 6.8
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature.
CVE-2019-1197 1 Microsoft 1 Edge 2019-08-19 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131,...
CVE-2019-14516 1 Uidai 1 Maadhaar 2019-08-19 5.8
The mAadhaar application 1.2.7 for Android lacks SSL Certificate Validation, leading to man-in-the-middle attacks against requests for FAQs or Help.
CVE-2019-13420 1 Search-guard 1 Search Guard 2019-08-19 4.3
Search Guard versions before 21.0 had an timing side channel issue when using the internal user database.
CVE-2019-1196 1 Microsoft 1 Edge 2019-08-19 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131,...