CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2019

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1251 CVE-2019-1358 Exec Code 2019-10-10 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1359.
1252 CVE-2019-1357 290 2019-10-10 2019-10-11
4.3
None Remote Medium Not required None Partial None
A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0608.
1253 CVE-2019-1356 200 +Info 2019-10-10 2019-10-15
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory, aka 'Microsoft Edge based on Edge HTML Information Disclosure Vulnerability'.
1254 CVE-2019-1347 125 DoS 2019-10-10 2020-08-24
7.1
None Remote Medium Not required None None Complete
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1346.
1255 CVE-2019-1346 125 DoS 2019-10-10 2020-08-24
7.1
None Remote Medium Not required None None Complete
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1347.
1256 CVE-2019-1345 125 2019-10-10 2020-08-24
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1334.
1257 CVE-2019-1344 125 2019-10-10 2020-08-24
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory, aka 'Windows Code Integrity Module Information Disclosure Vulnerability'.
1258 CVE-2019-1343 DoS 2019-10-10 2020-08-24
7.1
None Remote Medium Not required None None Complete
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1346, CVE-2019-1347.
1259 CVE-2019-1342 755 2019-10-10 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1339.
1260 CVE-2019-1341 2019-10-10 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability exists when umpo.dll of the Power Service, improperly handles a Registry Restore Key function, aka 'Windows Power Service Elevation of Privilege Vulnerability'.
1261 CVE-2019-1340 2019-10-10 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1322.
1262 CVE-2019-1339 59 2019-10-10 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1342.
1263 CVE-2019-1338 326 Bypass 2019-10-10 2021-07-21
4.3
None Remote Medium Not required None Partial None
A security feature bypass vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLMv2 protection if a client is also sending LMv2 responses, aka 'Windows NTLM Security Feature Bypass Vulnerability'.
1264 CVE-2019-1337 200 +Info 2019-10-10 2019-10-15
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when Windows Update Client fails to properly handle objects in memory, aka 'Windows Update Client Information Disclosure Vulnerability'.
1265 CVE-2019-1336 2019-10-10 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1323.
1266 CVE-2019-1335 787 Exec Code Mem. Corr. 2019-10-10 2020-08-24
7.6
None Remote High Not required Complete Complete Complete
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1366.
1267 CVE-2019-1334 200 +Info 2019-10-10 2019-10-15
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1345.
1268 CVE-2019-1333 Exec Code 2019-10-10 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.
1269 CVE-2019-1331 Exec Code 2019-10-10 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1327.
1270 CVE-2019-1330 2019-10-10 2020-08-24
4.0
None Remote Low ??? None Partial None
An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1329.
1271 CVE-2019-1329 79 XSS 2019-10-10 2019-10-11
3.5
None Remote Medium ??? None Partial None
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1330.
1272 CVE-2019-1328 79 XSS 2019-10-10 2019-10-11
3.5
None Remote Medium ??? None Partial None
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.
1273 CVE-2019-1327 Exec Code 2019-10-10 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1331.
1274 CVE-2019-1326 DoS 2019-10-10 2020-08-24
7.8
None Remote Low Not required None None Complete
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'.
1275 CVE-2019-1325 2019-10-10 2020-08-24
4.9
None Local Low Not required None None Complete
An elevation of privilege vulnerability exists in the Windows redirected drive buffering system (rdbss.sys) when the operating system improperly handles specific local calls within Windows 7 for 32-bit systems, aka 'Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability'.
1276 CVE-2019-1323 2019-10-10 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1336.
1277 CVE-2019-1322 2019-10-10 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1340.
1278 CVE-2019-1321 2019-10-10 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability exists when Windows CloudStore improperly handles file Discretionary Access Control List (DACL), aka 'Microsoft Windows CloudStore Elevation of Privilege Vulnerability'.
1279 CVE-2019-1320 2019-10-10 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1322, CVE-2019-1340.
1280 CVE-2019-1319 2019-10-10 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.
1281 CVE-2019-1318 290 2019-10-10 2020-08-24
4.3
None Remote Medium Not required Partial None None
A spoofing vulnerability exists when Transport Layer Security (TLS) accesses non- Extended Master Secret (EMS) sessions, aka 'Microsoft Windows Transport Layer Security Spoofing Vulnerability'.
1282 CVE-2019-1317 59 DoS 2019-10-10 2019-10-11
5.6
None Local Low Not required None Partial Complete
A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'.
1283 CVE-2019-1316 2019-10-10 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability exists in Microsoft Windows Setup when it does not properly handle privileges, aka 'Microsoft Windows Setup Elevation of Privilege Vulnerability'.
1284 CVE-2019-1315 59 2019-10-10 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342.
1285 CVE-2019-1314 Bypass 2019-10-10 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
A security feature bypass vulnerability exists in Windows 10 Mobile when Cortana allows a user to access files and folders through the locked screen, aka 'Windows 10 Mobile Security Feature Bypass Vulnerability'.
1286 CVE-2019-1313 755 2019-10-10 2020-08-24
4.0
None Remote Low ??? Partial None None
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1376.
1287 CVE-2019-1311 Exec Code 2019-10-10 2020-08-24
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Windows Imaging API improperly handles objects in memory, aka 'Windows Imaging API Remote Code Execution Vulnerability'.
1288 CVE-2019-1308 787 Exec Code Mem. Corr. 2019-10-10 2020-08-24
7.6
None Remote High Not required Complete Complete Complete
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1335, CVE-2019-1366.
1289 CVE-2019-1307 787 Exec Code Mem. Corr. 2019-10-10 2020-08-24
7.6
None Remote High Not required Complete Complete Complete
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1308, CVE-2019-1335, CVE-2019-1366.
1290 CVE-2019-1239 Exec Code 2019-10-10 2020-08-24
7.6
None Remote High Not required Complete Complete Complete
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1238.
1291 CVE-2019-1238 Exec Code 2019-10-10 2020-08-24
7.1
None Remote High ??? Complete Complete Complete
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1239.
1292 CVE-2019-1230 20 2019-10-10 2020-08-24
4.0
None Remote Low ??? Partial None None
An information disclosure vulnerability exists when the Windows Hyper-V Network Switch on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Information Disclosure Vulnerability'.
1293 CVE-2019-1166 354 Bypass 2019-10-10 2020-08-24
4.3
None Remote Medium Not required None Partial None
A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering Vulnerability'.
1294 CVE-2019-1070 79 XSS 2019-10-10 2019-10-11
3.5
None Remote Medium ??? None Partial None
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
1295 CVE-2019-1060 611 Exec Code 2019-10-10 2019-10-11
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'.
1296 CVE-2019-0608 290 2019-10-10 2019-12-16
4.3
None Remote Medium Not required None Partial None
A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1357.
1297 CVE-2019-0381 552 2019-10-08 2019-10-15
2.1
None Local Low Not required Partial None None
A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user.
1298 CVE-2019-0380 532 2019-10-08 2020-02-10
4.0
None Remote Low ??? Partial None None
Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters’ default values to be part of the application logs leading to Information Disclosure.
1299 CVE-2019-0379 345 2019-10-08 2021-07-21
5.0
None Remote Low Not required None Partial None
SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle (BC), leading to Missing Authentication Check
1300 CVE-2019-0378 79 XSS 2019-10-08 2019-10-10
3.5
None Remote Medium ??? None Partial None
SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background image resulting in Stored Cross-Site Scripting.
Total number of vulnerabilities : 1567   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 (This Page)27 28 29 30 31 32
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.