Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

220103 entries
ID Description Priority Modified date
CVE-2019-0826 A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0825, CVE-2019-0827. MEDIUM Apr 10, 2019
CVE-2019-0827 A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0825, CVE-2019-0826. MEDIUM Apr 10, 2019
CVE-2019-0828 A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. HIGH Apr 10, 2019
CVE-2019-0829 A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0860, CVE-2019-0861. HIGH Apr 10, 2019
CVE-2019-0830 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-0831. LOW Apr 10, 2019
CVE-2019-0831 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-0830. LOW Apr 10, 2019
CVE-2019-0833 An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka 'Microsoft Edge Information Disclosure Vulnerability'. MEDIUM Apr 10, 2019
CVE-2019-0835 An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory, aka 'Microsoft Scripting Engine Information Disclosure Vulnerability'. MEDIUM Apr 10, 2019
CVE-2019-0836 An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0841. MEDIUM Apr 10, 2019
CVE-2019-0837 An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Information Disclosure Vulnerability'. LOW Apr 10, 2019
CVE-2019-0838 An information disclosure vulnerability exists when Windows Task Scheduler improperly discloses credentials to Windows Credential Manager, aka 'Windows Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0839. LOW Apr 10, 2019
CVE-2019-0839 An information disclosure vulnerability exists when the Terminal Services component improperly discloses the contents of its memory, aka 'Windows Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0838. LOW Apr 10, 2019
CVE-2019-0840 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0844. LOW Apr 10, 2019
CVE-2019-0842 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. HIGH Apr 10, 2019
CVE-2019-0844 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0840. LOW Apr 10, 2019
CVE-2019-0846 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0847, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879. HIGH Apr 10, 2019
CVE-2019-0847 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0851, CVE-2019-0877, CVE-2019-0879. HIGH Apr 10, 2019
CVE-2019-0848 An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0814. LOW Apr 10, 2019
CVE-2019-0849 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0802. MEDIUM Apr 10, 2019
CVE-2019-0851 A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0846, CVE-2019-0847, CVE-2019-0877, CVE-2019-0879. HIGH Apr 10, 2019
CVE-2019-0856 A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'. HIGH Apr 10, 2019
CVE-2019-0859 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803. HIGH Apr 10, 2019
CVE-2019-0860 A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0829, CVE-2019-0861. HIGH Apr 10, 2019
CVE-2019-0861 A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860. HIGH Apr 10, 2019
CVE-2019-0862 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0752, CVE-2019-0753. HIGH Apr 10, 2019
CVE-2019-0866 A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0867, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871. MEDIUM Apr 10, 2019
CVE-2019-0867 A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871. MEDIUM Apr 10, 2019
CVE-2019-0868 A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0870, CVE-2019-0871. MEDIUM Apr 10, 2019
CVE-2019-0869 A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'. MEDIUM Apr 10, 2019
CVE-2019-0870 A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0871. MEDIUM Apr 10, 2019
CVE-2019-0871 A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0870. MEDIUM Apr 10, 2019
CVE-2019-0874 A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'. MEDIUM Apr 10, 2019
CVE-2019-10242 In Eclipse Kura versions up to 4.0.0, the SkinServlet did not check the path passed during the servlet call, potentially allowing path traversal in GET requests for a limited number of file types. MEDIUM Apr 10, 2019
CVE-2019-10243 In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui Web server version in its replies. This can be used as a hint by an attacker to specifically craft attacks to the web server run by Kura. MEDIUM Apr 10, 2019
CVE-2019-10244 In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could potentially be the target of an XXE attack due to improper factory and parser initialisation. MEDIUM Apr 10, 2019
CVE-2019-11028 GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing authenticated attackers to upload any file type to the server via the Documents area. This vulnerability is related to uploadDocFile.aspx. High Apr 10, 2019
CVE-2019-1567 The Expedition Migration tool 1.1.6 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings. LOW Apr 10, 2019
CVE-2019-3795 Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection. MEDIUM Apr 10, 2019
CVE-2019-3940 Advantech WebAccess 8.3.4 is vulnerable to file upload attacks via unauthenticated RPC call. An unauthenticated, remote attacker can use this vulnerability to execute arbitrary code. HIGH Apr 10, 2019
CVE-2019-3941 Advantech WebAccess 8.3.4 allows unauthenticated, remote attackers to delete arbitrary files via IOCTL 10005 RPC. MEDIUM Apr 10, 2019
CVE-2019-5585 An improper access control vulnerability in FortiClientMac before 6.0.5 may allow an attacker to affect the application's performance via modifying the contents of a file used by several FortiClientMac processes. LOW Apr 10, 2019
CVE-2019-6117 The wpape APE GALLERY plugin 1.6.14 for WordPress has stored XSS via the classGallery.php getCategories function. MEDIUM Apr 10, 2019
CVE-2019-7174 Roxy Fileman 1.4.5 allows attackers to execute renamefile.php (aka Rename File), createdir.php (aka Create Directory), fileslist.php (aka Echo File List), and movefile.php (aka Move File) operations. HIGH Apr 10, 2019
CVE-2019-8990 The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances where HTTP "Basic Authentication" policy is used in conjunction with an XML Authentication resource. The BusinessWorks engine might instead use credentials from a prior HTTP request for authorization purposes. Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 6.4.2. MEDIUM Apr 10, 2019
CVE-2019-9133 When processing a subtitle-format media file, KMPlayer version 2018.12.24.14 or lower doesn't check object size correctly, which leads to an integer underflow and then to an out-of-bounds memory read/write. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file. MEDIUM Apr 10, 2019
CVE-2019-9134 Architectural Information System 1.0 and earlier versions have a stack-based buffer overflow that allows remote attackers to execute arbitrary code. HIGH Apr 10, 2019
CVE-2019-9696 Symantec VIP Enterprise Gateway (all versions) may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. MEDIUM Apr 10, 2019
CVE-2006-7254 The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon. Low Apr 10, 2019
CVE-2018-1994 IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 154494. HIGH Apr 10, 2019
CVE-2019-0038 Crafted packets destined to the management interface (fxp0) of an SRX340 or SRX345 services gateway may create a denial of service (DoS) condition due to buffer space exhaustion. This issue only affects the SRX340 and SRX345 services gateways. No other products or platforms are affected by this vulnerability. Affected releases are Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D160 on SRX340/SRX345; 17.3 on SRX340/SRX345; 17.4 versions prior to 17.4R2-S3, 17.4R3 on SRX340/SRX345; 18.1 versions prior to 18.1R3-S1 on SRX340/SRX345; 18.2 versions prior to 18.2R2 on SRX340/SRX345; 18.3 versions prior to 18.3R1-S2, 18.3R2 on SRX340/SRX345. This issue does not affect Junos OS releases prior to 15.1X49 on any platform. MEDIUM Apr 10, 2019
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.