The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2019-0576 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka Jet Database Engine Remote Code Execution Vulnerability. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0575, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. | HIGH | Jan 9, 2019 |
CVE-2019-0575 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka Jet Database Engine Remote Code Execution Vulnerability. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0538, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. | HIGH | Jan 9, 2019 |
CVE-2019-0574 | An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka Windows Data Sharing Service Elevation of Privilege Vulnerability. This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0572, CVE-2019-0573. | MEDIUM | Jan 9, 2019 |
CVE-2019-0573 | An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka Windows Data Sharing Service Elevation of Privilege Vulnerability. This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0572, CVE-2019-0574. | MEDIUM | Jan 9, 2019 |
CVE-2019-0572 | An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka Windows Data Sharing Service Elevation of Privilege Vulnerability. This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0573, CVE-2019-0574. | MEDIUM | Jan 9, 2019 |
CVE-2019-0571 | An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka Windows Data Sharing Service Elevation of Privilege Vulnerability. This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0572, CVE-2019-0573, CVE-2019-0574. | MEDIUM | Jan 9, 2019 |
CVE-2019-0570 | An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka Windows Runtime Elevation of Privilege Vulnerability. This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | MEDIUM | Jan 9, 2019 |
CVE-2019-0569 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka Windows Kernel Information Disclosure Vulnerability. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0549, CVE-2019-0554. | LOW | Jan 9, 2019 |
CVE-2019-0568 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka Chakra Scripting Engine Memory Corruption Vulnerability. This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0567. | High | Jan 14, 2019 |
CVE-2019-0567 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka Chakra Scripting Engine Memory Corruption Vulnerability. This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0568. | High | Jan 14, 2019 |
CVE-2019-0566 | An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object, aka Microsoft Edge Elevation of Privilege Vulnerability. This affects Microsoft Edge. | Medium | Jan 14, 2019 |
CVE-2019-0565 | A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka Microsoft Edge Memory Corruption Vulnerability. This affects Microsoft Edge. | High | Jan 11, 2019 |
CVE-2019-0564 | A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka ASP.NET Core Denial of Service Vulnerability. This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548. | Medium | Jan 11, 2019 |
CVE-2019-0563 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none | -- | Nov 7, 2023 |
CVE-2019-0562 | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka Microsoft SharePoint Elevation of Privilege Vulnerability. This affects Microsoft SharePoint Server, Microsoft SharePoint. | LOW | Jan 9, 2019 |
CVE-2019-0561 | An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka Microsoft Word Information Disclosure Vulnerability. This affects Microsoft Word, Office 365 ProPlus, Microsoft Office, Word. | Medium | Jan 14, 2019 |
CVE-2019-0560 | An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka Microsoft Office Information Disclosure Vulnerability. This affects Office 365 ProPlus, Microsoft Office. | Medium | Jan 11, 2019 |
CVE-2019-0559 | An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages, aka Microsoft Outlook Information Disclosure Vulnerability. This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. | Medium | Jan 11, 2019 |
CVE-2019-0558 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka Microsoft Office SharePoint XSS Vulnerability. This affects Microsoft SharePoint Server, Microsoft SharePoint, Microsoft Business Productivity Servers. This CVE ID is unique from CVE-2019-0556, CVE-2019-0557. | LOW | Jan 9, 2019 |
CVE-2019-0557 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka Microsoft Office SharePoint XSS Vulnerability. This affects Microsoft SharePoint. This CVE ID is unique from CVE-2019-0556, CVE-2019-0558. | LOW | Jan 9, 2019 |
CVE-2019-0556 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka Microsoft Office SharePoint XSS Vulnerability. This affects Microsoft SharePoint. This CVE ID is unique from CVE-2019-0557, CVE-2019-0558. | LOW | Jan 9, 2019 |
CVE-2019-0555 | An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the browser, aka Microsoft XmlDocument Elevation of Privilege Vulnerability. This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | MEDIUM | Jan 9, 2019 |
CVE-2019-0554 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka Windows Kernel Information Disclosure Vulnerability. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0549, CVE-2019-0569. | Low | Jan 14, 2019 |
CVE-2019-0553 | An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory, aka Windows Subsystem for Linux Information Disclosure Vulnerability. This affects Windows 10 Servers, Windows 10, Windows Server 2019. | Low | Jan 14, 2019 |
CVE-2019-0552 | An elevation of privilege exists in Windows COM Desktop Broker, aka Windows COM Elevation of Privilege Vulnerability. This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | MEDIUM | Jan 9, 2019 |
CVE-2019-0551 | A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka Windows Hyper-V Remote Code Execution Vulnerability. This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0550. | High | Jan 14, 2019 |
CVE-2019-0550 | A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka Windows Hyper-V Remote Code Execution Vulnerability. This affects Windows 10 Servers, Windows 10, Windows Server 2019. This CVE ID is unique from CVE-2019-0551. | High | Jan 14, 2019 |
CVE-2019-0549 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka Windows Kernel Information Disclosure Vulnerability. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0536, CVE-2019-0554, CVE-2019-0569. | Low | Jan 14, 2019 |
CVE-2019-0548 | A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka ASP.NET Core Denial of Service Vulnerability. This affects ASP.NET Core 2.2, ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0564. | MEDIUM | Jan 9, 2019 |
CVE-2019-0547 | A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka Windows DHCP Client Remote Code Execution Vulnerability. This affects Windows 10, Windows 10 Servers. | HIGH | Jan 9, 2019 |
CVE-2019-0546 | A remote code execution vulnerability exists in Visual Studio when the C++ compiler improperly handles specific combinations of C++ constructs, aka Visual Studio Remote Code Execution Vulnerability. This affects Microsoft Visual Studio. | HIGH | Jan 9, 2019 |
CVE-2019-0545 | An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka .NET Framework Information Disclosure Vulnerability. This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2. | Medium | Jan 14, 2019 |
CVE-2019-0544 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none | -- | Nov 7, 2023 |
CVE-2019-0543 | An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka Microsoft Windows Elevation of Privilege Vulnerability. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | Medium | Jan 14, 2019 |
CVE-2019-0542 | A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka Xterm Remote Code Execution Vulnerability. This affects xterm.js. | HIGH | Jan 11, 2019 |
CVE-2019-0541 | A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka MSHTML Engine Remote Code Execution Vulnerability. This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus. | High | Jan 14, 2019 |
CVE-2019-0540 | A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka \'Microsoft Office Security Feature Bypass Vulnerability\'. | MEDIUM | Mar 22, 2019 |
CVE-2019-0539 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka Chakra Scripting Engine Memory Corruption Vulnerability. This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0567, CVE-2019-0568. | High | Jan 14, 2019 |
CVE-2019-0538 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka Jet Database Engine Remote Code Execution Vulnerability. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584. | High | Jan 14, 2019 |
CVE-2019-0537 | An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file, aka Microsoft Visual Studio Information Disclosure Vulnerability. This affects Microsoft Visual Studio. | Medium | Jan 14, 2019 |
CVE-2019-0536 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka Windows Kernel Information Disclosure Vulnerability. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2019-0549, CVE-2019-0554, CVE-2019-0569. | Low | Jan 14, 2019 |
CVE-2019-0405 | SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure. | MEDIUM | Dec 11, 2019 |
CVE-2019-0404 | SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure. | MEDIUM | Dec 11, 2019 |
CVE-2019-0403 | SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which will be executed when opened, leading to CSV Command Injection. | HIGH | Dec 11, 2019 |
CVE-2019-0402 | SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under certain conditions exposes some sensitive information to the admin, leading to Information Disclosure. | LOW | Dec 13, 2019 |
CVE-2019-0399 | SAP Portfolio and Project Management, before versions S4CORE 102, 103, EPPM 100 and CPRXRPM 500_702, 600_740, 610_740; unintentionally allows a user to discover accounting information of the Projects in Project dashboard, leading to Information Disclosure. | MEDIUM | Dec 11, 2019 |
CVE-2019-0398 | Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery. | MEDIUM | Dec 11, 2019 |
CVE-2019-0396 | SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will not be correctly filtered by Web Intelligence HTML interface in some specific workflows. | MEDIUM | Nov 14, 2019 |
CVE-2019-0395 | SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad), before version 4.2, allows execution of JavaScript in a text module in Fiori BI Launchpad, leading to Stored Cross Site Scripting vulnerability. | LOW | Dec 11, 2019 |
CVE-2019-0393 | An SQL Injection vulnerability in SAP Quality Management (corrected in S4CORE versions 1.0, 1.01, 1.02, 1.03) allows an attacker to carry out targeted database queries that can read individual fields of historical inspection results. | MEDIUM | Nov 14, 2019 |