Microsoft Windows Storage Service CVE-2019-0931 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain the elevated privileges on the system. Failed exploit attempts may result in a denial of service condition. Technologies Affected Microsoft Windows 10 Version 1709 for...

Microsoft Internet Explorer CVE-2019-0930 Information Disclosure Vulnerability

Description Microsoft Internet Explorer is prone to an information-disclosure vulnerability Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft...

Microsoft Windows Hyper-V CVE-2019-0886 Local Information Disclosure Vulnerability

Description Microsoft Windows is prone to local information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Hyper-V Microsoft Windows 10 Version 1607 for x64-based Systems Microso...

Microsoft Windows DHCP Server CVE-2019-0725 Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the system account. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affected Microsoft Windows...

Microsoft Windows Unified Write Filter CVE-2019-0942 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain the elevated privileges on the system. Failed exploit attempts may result in a denial of service condition. Technologies Affected Microsoft Windows 10 Version 1607 for...

Microsoft Internet Explorer CVE-2019-0929 Remote Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Internet...

Microsoft Windows GDI Component CVE-2019-0961 Information Disclosure Vulnerability

Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 16...

Microsoft ASP.NET Core CVE-2019-0980 Denial of Service Vulnerability

Description Microsoft ASP.NET Core is prone to a remote denial of service vulnerability. An attacker can exploit this issue to cause a denial of service condition. Technologies Affected Microsoft .NET Core 1.0 Microsoft .NET Core 1.1 Microsoft .NET Core 2.1 Microsoft .NET Core 2.2 Microsoft .NET...

Microsoft Azure Active Directory Connect CVE-2019-1000 Remote Privilege Escalation Vulnerability

Description Microsoft Azure Active Directory Connect is prone to a remote privilege-escalation vulnerability. An attacker may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Technologies Affected Microsoft Azure Active Directory Connect 1.3.20.0...

Microsoft Edge Chakra Scripting Engine CVE-2019-0922 Remote Memory Corruption Vulnerability

Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...

Microsoft Windows JET Database Engine CVE-2019-0891 Remote Code Execution Vulnerability

Description Microsoft Windows JET Database Engine is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10...

Microsoft Edge Chakra Scripting Engine CVE-2019-0913 Remote Memory Corruption Vulnerability

Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...

Microsoft Windows JET Database Engine CVE-2019-0900 Remote Code Execution Vulnerability

Description Microsoft Windows JET Database Engine is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10...

Microsoft Edge Chakra Scripting Engine CVE-2019-0916 Remote Memory Corruption Vulnerability

Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...

Microsoft ASP.NET Core CVE-2019-0981 Denial of Service Vulnerability

Description Microsoft ASP.NET Core is prone to a remote denial of service vulnerability. An attacker can exploit this issue to cause a denial of service condition. Technologies Affected Microsoft .NET Core 1.0 Microsoft .NET Core 1.1 Microsoft .NET Core 2.1 Microsoft .NET Core 2.2 Microsoft .NET...

Apple macOS Multiple Security Vulnerabilities

Description Apple macOS is prone to multiple security vulnerabilities. An attacker can leverage these issues to bypass security restrictions and perform unauthorized actions, obtain sensitive information, execute arbitrary code within the context of the application or gain elevated privileges...

GraphicsMagick CVE-2019-19951 Heap Buffer Overflow Vulnerability

Description GraphicsMagick is prone to a heap-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successful exploits may allow the attacker to crash the affected application. Due to the nature o...

Symantec Messaging Gateway Information Disclosure

SUMMARY Symantec has released an update to address an issue that was discovered in the Symantec Messaging Gateway SMG product. AFFECTED PRODUCTS Symantec Messaging Gateway SMG --- CVE | Affected Versions | Remediation CVE-2019-9699 | Prior to 10.7.0 | Upgrade to 10.7.0 ISSUES CVE-2019-9699 ---...

Symantec AV Engine Arbitrary File Deletion

SUMMARY Symantec has released an update to address an issue that was discovered in the Symantec AV Engine. AFFECTED PRODUCTS Symantec AV Engine For Mac Endpoints Only --- CVE | Affected Versions | Remediation CVE-2019-9698 | Prior to 13.0.9r17 | Upgrade to 13.0.9r17 via LiveUpdateTM ISSUES...

Philips Tasy EMR CVE-2019-6562 Cross Site Scripting Vulnerability

Description Philips Tasy EMR is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow...

ImageMagick Multiple Heap Buffer Overflow Vulnerabilities

Description ImageMagick is prone to multiple heap-based buffer-overflow vulnerabilities. An attacker can exploit these issues to cause denial-of-service condition. Due to the nature of these issues, code execution may be possible but this has not been confirmed. ImageMagick version 7.0.8-43 Q16 i...

Atlassian JIRA CVE-2019-3403 Information Disclosure Vulnerability

Description Atlassian JIRA is prone to an information-disclosure vulnerability. Successful exploits of this issue lead to the disclosure of sensitive information which may aid in launching further attacks. Jira versions prior to 7.13.3, 8.0.0 through and prior to 8.0.4 and 8.1.0 through and prior...

Atlassian JIRA CVE-2019-3402 Cross Site Scripting Vulnerability

Description Atlassian JIRA is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication...

Atlassian JIRA CVE-2019-3401 Information Disclosure Vulnerability

Description Atlassian JIRA is prone to an information-disclosure vulnerability. Successful exploits of this issue lead to the disclosure of sensitive information which may aid in launching further attacks. Jira versions prior to 7.13.3 and 8.0.0 through and prior to 8.1.1 are vulnerable...

Oracle WebLogic Server Deserialization Remote Command Execution Vulnerability

Description Oracle WebLogic Server is prone to a remote command-execution vulnerability. Attackers can exploit this issue to execute an arbitrary command within the context of a user running the affected application. Failed exploit attempts may result in a denial-of-service condition. Oracle...

Pulse Connect Secure and Policy Secure CVE-2019-11509 Access Bypass Vulnerability

Description Pulse Connect Secure and Policy Secure are prone to an access-bypass vulnerability. An attacker can exploit this execute arbitrary code and perform unauthorized actions; this may aid in launching further attacks. The following products are vulnerable: Pulse Connect Secure 9.0RX, 8.3RX...

Pulse Connect Secure and Pulse Policy Secure Multiple Security Vulnerabilities

Description Pulse Connect Secure and Pulse Policy Secure are prone to the following vulnerabilities: 1. An arbitrary file read vulnerability 2. An arbitrary file-write vulnerability 3. A session-hijacking vulnerability 4. Multiple cross-site scripting vulnerabilities 5. Multiple information...

Kubernetes CVE-2019-11244 Local Unauthorized Access Vulnerability

Description Kubernetes is prone to a local unauthorized-access vulnerability. A local attacker can exploit this issue to gain unauthorized access to the affected application. This may aid in further attacks. Kubernetes version 1.8.x through 1.14.x are vulnerable. Technologies Affected IBM Cloud...

JQuery CVE-2019-11358 Cross Site Scripting Vulnerability

Description JQuery is prone to a cross-site-scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the...

Linux Kernel CVE-2019-18805 Integer Overflow Vulnerability

Description Linux Kernel is prone to an integer overflow vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed. Versions prior to Linux kernel...

Apache Tomcat CVE-2019-0232 Remote Code Execution Vulnerability

Description Apache Tomcat is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Apache Tomcat version 9.0.0.M1 through 9.0.17, 8.5.0 through 8.5.39 and 7.0.0 through 7.0.93 are...

libxslt CVE-2019-11068 Security Bypass Vulnerability

Description libxslt is prone to a security-bypass vulnerability. Attackers can leverage this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. Technologies Affected Oracle JDKLinux Production Release 1.8.0 Update 221 Oracle JDKSolar...

Juniper Junos CVE-2019-0043 Denial of Service Vulnerability

Description Juniper Junos is prone to a denial-of-service vulnerability. An attacker may exploit this issue to cause denial-of-service conditions. Technologies Affected Juniper ACX Series Juniper EX Series Juniper EX2300 Series Juniper EX3400 Series Juniper JUNOS 12.1X46-D25 Juniper JUNOS 12.3...

Microsoft Azure DevOps Server CVE-2019-0874 Cross Site Scripting Vulnerability

Description Microsoft Azure DevOps Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Th...

Microsoft Windows Win32k CVE-2019-0848 Local Information Disclosure Vulnerability

Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...

Microsoft Windows CVE-2019-0839 Local Information Disclosure Vulnerability

Description Microsoft Windows is prone to a local information-disclosure vulnerability. A local attacker can leverage this issue to disclose sensitive information that may aid in further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Versi...

Microsoft Edge Chakra Scripting Engine CVE-2019-0810 Remote Memory Corruption Vulnerability

Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...

Microsoft Office Access Connectivity Engine CVE-2019-0824 Remote Code Execution Vulnerability

Description Microsoft Office Access Connectivity Engine is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Technologies Affected Microsoft Office 2010 Service Pack 2 32-bit editions Microsoft Office...

Microsoft Office Access Connectivity Engine CVE-2019-0826 Remote Code Execution Vulnerability

Description Microsoft Office Access Connectivity Engine is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Technologies Affected Microsoft Office 2010 Service Pack 2 32-bit editions Microsoft Office...

Microsoft Open Enclave SDK CVE-2019-0876 Information Disclosure Vulnerability

Description Microsoft Open Enclave SDK is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Open Enclave SDK Recommendations Run all software as a nonprivileged user...

Microsoft Windows Graphics Component CVE-2019-0822 Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code on a target system. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft Office 2016 for Mac...

Microsoft Edge Chakra Scripting Engine CVE-2019-0861 Remote Memory Corruption Vulnerability

Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...

Microsoft Windows MS XML CVE-2019-0792 Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the current user. Failed exploit attempts will likely cause a denial-of-service condition. Technologies Affected Microsoft Windows 10 Versi...

Microsoft Windows Device Guard CVE-2019-0732 Local Security Bypass Vulnerability

Description Microsoft Windows is prone to a local security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems...

Microsoft Azure DevOps Server CVE-2019-0875 Remote Privilege Escalation Vulnerability

Description Microsoft Azure DevOps Server is prone to a remote privilege-escalation vulnerability. An attacker may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Technologies Affected Microsoft Azure DevOps Server 2019 Recommendations Run all...

Microsoft Windows MS XML CVE-2019-0790 Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the current user. Failed exploit attempts will likely cause a denial-of-service condition. Technologies Affected Microsoft Windows 10 Versi...

Microsoft Azure DevOps Server CVE-2019-0857 Spoofing Vulnerability

Description Microsoft Azure DevOps Server is prone to a spoofing vulnerability. An attacker can exploit this issue to conduct spoofing attacks and to bypass certain security restrictions and perform unauthorized actions. This may lead to other attacks. Technologies Affected Microsoft Azure DevOps...

Microsoft Edge and Internet Explorer CVE-2019-0764 Tampering Security Bypass Vulnerability

Description Microsoft Edge and Internet Explorer are prone to a security bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Technologies Affected Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explor...

Apache Axis CVE-2019-0227 Remote Code Execution Vulnerability

Description Apache Axis is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the user running the affected application. Apache Axis 1.4 is vulnerable; other versions may also be affected. Technologies Affected Apache...

Microsoft Excel CVE-2019-0828 Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft...