The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2019-1371 | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka \'Internet Explorer Memory Corruption Vulnerability\'. | HIGH | Oct 15, 2019 |
| CVE-2019-1370 | An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka \'Open Enclave SDK Information Disclosure Vulnerability\'. | LOW | Nov 13, 2019 |
| CVE-2019-1369 | An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka \'Open Enclave SDK Information Disclosure Vulnerability\'. | Medium | Oct 11, 2019 |
| CVE-2019-1368 | A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka \'Windows Secure Boot Security Feature Bypass Vulnerability\'. | LOW | Oct 15, 2019 |
| CVE-2019-1367 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka \'Scripting Engine Memory Corruption Vulnerability\'. This CVE ID is unique from CVE-2019-1221. | HIGH | Sep 24, 2019 |
| CVE-2019-1366 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \'Chakra Scripting Engine Memory Corruption Vulnerability\'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1335. | HIGH | Oct 10, 2019 |
| CVE-2019-1365 | An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to execute code in the context of NT AUTHORITY\\system escaping the Sandbox.The security update addresses the vulnerability by correcting how Microsoft IIS Server sanitizes web requests., aka \'Microsoft IIS Server Elevation of Privilege Vulnerability\'. | HIGH | Oct 17, 2019 |
| CVE-2019-1364 | An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka \'Win32k Elevation of Privilege Vulnerability\'. This CVE ID is unique from CVE-2019-1362. | HIGH | Oct 15, 2019 |
| CVE-2019-1363 | An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka \'Windows GDI Information Disclosure Vulnerability\'. | LOW | Oct 11, 2019 |
| CVE-2019-1362 | An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka \'Win32k Elevation of Privilege Vulnerability\'. This CVE ID is unique from CVE-2019-1364. | HIGH | Oct 15, 2019 |
| CVE-2019-1361 | An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka \'Microsoft Graphics Components Information Disclosure Vulnerability\'. | MEDIUM | Oct 11, 2019 |
| CVE-2019-1360 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none | -- | Nov 7, 2023 |
| CVE-2019-1359 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka \'Jet Database Engine Remote Code Execution Vulnerability\'. This CVE ID is unique from CVE-2019-1358. | HIGH | Oct 15, 2019 |
| CVE-2019-1358 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka \'Jet Database Engine Remote Code Execution Vulnerability\'. This CVE ID is unique from CVE-2019-1359. | HIGH | Oct 15, 2019 |
| CVE-2019-1357 | A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka \'Microsoft Browser Spoofing Vulnerability\'. This CVE ID is unique from CVE-2019-0608. | MEDIUM | Oct 11, 2019 |
| CVE-2019-1356 | An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory, aka \'Microsoft Edge based on Edge HTML Information Disclosure Vulnerability\'. | MEDIUM | Oct 15, 2019 |
| CVE-2019-1355 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none | -- | Nov 7, 2023 |
| CVE-2019-1354 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka \'Git for Visual Studio Remote Code Execution Vulnerability\'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387. | HIGH | Jan 28, 2020 |
| CVE-2019-1353 | An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as WSL) while accessing a working directory on a regular Windows drive, none of the NTFS protections were active. | HIGH | Feb 5, 2020 |
| CVE-2019-1352 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka \'Git for Visual Studio Remote Code Execution Vulnerability\'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387. | HIGH | Jan 28, 2020 |
| CVE-2019-1351 | A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka \'Git for Visual Studio Tampering Vulnerability\'. | MEDIUM | Jan 29, 2020 |
| CVE-2019-1350 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka \'Git for Visual Studio Remote Code Execution Vulnerability\'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. | HIGH | Jan 28, 2020 |
| CVE-2019-1349 | A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka \'Git for Visual Studio Remote Code Execution Vulnerability\'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387. | HIGH | Jan 28, 2020 |
| CVE-2019-1348 | An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths. | LOW | Feb 4, 2020 |
| CVE-2019-1347 | A denial of service vulnerability exists when Windows improperly handles objects in memory, aka \'Windows Denial of Service Vulnerability\'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1346. | HIGH | Oct 15, 2019 |
| CVE-2019-1346 | A denial of service vulnerability exists when Windows improperly handles objects in memory, aka \'Windows Denial of Service Vulnerability\'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1347. | HIGH | Oct 15, 2019 |
| CVE-2019-1345 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \'Windows Kernel Information Disclosure Vulnerability\'. This CVE ID is unique from CVE-2019-1334. | LOW | Oct 11, 2019 |
| CVE-2019-1344 | An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory, aka \'Windows Code Integrity Module Information Disclosure Vulnerability\'. | LOW | Oct 15, 2019 |
| CVE-2019-1343 | A denial of service vulnerability exists when Windows improperly handles objects in memory, aka \'Windows Denial of Service Vulnerability\'. This CVE ID is unique from CVE-2019-1346, CVE-2019-1347. | HIGH | Oct 15, 2019 |
| CVE-2019-1342 | An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka \'Windows Error Reporting Manager Elevation of Privilege Vulnerability\'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1339. | HIGH | Oct 15, 2019 |
| CVE-2019-1341 | An elevation of privilege vulnerability exists when umpo.dll of the Power Service, improperly handles a Registry Restore Key function, aka \'Windows Power Service Elevation of Privilege Vulnerability\'. | HIGH | Oct 15, 2019 |
| CVE-2019-1340 | An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka \'Microsoft Windows Elevation of Privilege Vulnerability\'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1322. | HIGH | Oct 15, 2019 |
| CVE-2019-1339 | An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka \'Windows Error Reporting Manager Elevation of Privilege Vulnerability\'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1342. | HIGH | Oct 15, 2019 |
| CVE-2019-1338 | A security feature bypass vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLMv2 protection if a client is also sending LMv2 responses, aka \'Windows NTLM Security Feature Bypass Vulnerability\'. | MEDIUM | Oct 15, 2019 |
| CVE-2019-1337 | An information disclosure vulnerability exists when Windows Update Client fails to properly handle objects in memory, aka \'Windows Update Client Information Disclosure Vulnerability\'. | LOW | Oct 15, 2019 |
| CVE-2019-1336 | An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka \'Microsoft Windows Update Client Elevation of Privilege Vulnerability\'. This CVE ID is unique from CVE-2019-1323. | HIGH | Oct 11, 2019 |
| CVE-2019-1335 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \'Chakra Scripting Engine Memory Corruption Vulnerability\'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1366. | HIGH | Oct 10, 2019 |
| CVE-2019-1334 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \'Windows Kernel Information Disclosure Vulnerability\'. This CVE ID is unique from CVE-2019-1345. | LOW | Oct 15, 2019 |
| CVE-2019-1333 | A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka \'Remote Desktop Client Remote Code Execution Vulnerability\'. | HIGH | Oct 11, 2019 |
| CVE-2019-1332 | A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka \'Microsoft SQL Server Reporting Services XSS Vulnerability\'. | MEDIUM | Dec 12, 2019 |
| CVE-2019-1331 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \'Microsoft Excel Remote Code Execution Vulnerability\'. This CVE ID is unique from CVE-2019-1327. | HIGH | Oct 11, 2019 |
| CVE-2019-1330 | An elevation of privilege vulnerability exists in Microsoft SharePoint, aka \'Microsoft SharePoint Elevation of Privilege Vulnerability\'. This CVE ID is unique from CVE-2019-1329. | MEDIUM | Oct 11, 2019 |
| CVE-2019-1329 | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \'Microsoft SharePoint Elevation of Privilege Vulnerability\'. This CVE ID is unique from CVE-2019-1330. | LOW | Oct 11, 2019 |
| CVE-2019-1328 | A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \'Microsoft SharePoint Spoofing Vulnerability\'. | LOW | Oct 11, 2019 |
| CVE-2019-1327 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \'Microsoft Excel Remote Code Execution Vulnerability\'. This CVE ID is unique from CVE-2019-1331. | HIGH | Oct 11, 2019 |
| CVE-2019-1326 | A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka \'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability\'. | HIGH | Oct 11, 2019 |
| CVE-2019-1325 | An elevation of privilege vulnerability exists in the Windows redirected drive buffering system (rdbss.sys) when the operating system improperly handles specific local calls within Windows 7 for 32-bit systems, aka \'Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability\'. | MEDIUM | Oct 11, 2019 |
| CVE-2019-1324 | An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets, aka \'Windows TCP/IP Information Disclosure Vulnerability\'. | MEDIUM | Nov 13, 2019 |
| CVE-2019-1323 | An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka \'Microsoft Windows Update Client Elevation of Privilege Vulnerability\'. This CVE ID is unique from CVE-2019-1336. | HIGH | Oct 11, 2019 |
| CVE-2019-1322 | An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka \'Microsoft Windows Elevation of Privilege Vulnerability\'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1340. | MEDIUM | Oct 11, 2019 |
