The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2019-1271 | An elevation of privilege exists in hdAudio.sys which may lead to an out of band write, aka \'Windows Media Elevation of Privilege Vulnerability\'. | HIGH | Sep 12, 2019 |
CVE-2019-1270 | An elevation of privilege vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack, aka \'Microsoft Windows Store Installer Elevation of Privilege Vulnerability\'. | LOW | Sep 12, 2019 |
CVE-2019-1269 | An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka \'Windows ALPC Elevation of Privilege Vulnerability\'. This CVE ID is unique from CVE-2019-1272. | HIGH | Sep 12, 2019 |
CVE-2019-1268 | An elevation of privilege exists when Winlogon does not properly handle file path information, aka \'Winlogon Elevation of Privilege Vulnerability\'. | HIGH | Sep 12, 2019 |
CVE-2019-1267 | An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks, aka \'Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability\'. | HIGH | Sep 12, 2019 |
CVE-2019-1266 | A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests, aka \'Microsoft Exchange Spoofing Vulnerability\'. | MEDIUM | Sep 12, 2019 |
CVE-2019-1265 | A security feature bypass vulnerability exists when Microsoft Yammer App for Android fails to apply the correct Intune MAM Policy.This could allow an attacker to perform functions that are restricted by Intune Policy.The security update addresses the vulnerability by correcting the way the policy is applied to Yammer App., aka \'Microsoft Yammer Security Feature Bypass Vulnerability\'. | MEDIUM | Sep 12, 2019 |
CVE-2019-1264 | A security feature bypass vulnerability exists when Microsoft Office improperly handles input, aka \'Microsoft Office Security Feature Bypass Vulnerability\'. | MEDIUM | Sep 12, 2019 |
CVE-2019-1263 | An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka \'Microsoft Excel Information Disclosure Vulnerability\'. | MEDIUM | Sep 12, 2019 |
CVE-2019-1262 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \'Microsoft Office SharePoint XSS Vulnerability\'. | LOW | Sep 24, 2019 |
CVE-2019-1261 | A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka \'Microsoft SharePoint Spoofing Vulnerability\'. This CVE ID is unique from CVE-2019-1259. | MEDIUM | Sep 12, 2019 |
CVE-2019-1260 | An elevation of privilege vulnerability exists in Microsoft SharePoint, aka \'Microsoft SharePoint Elevation of Privilege Vulnerability\'. | MEDIUM | Sep 12, 2019 |
CVE-2019-1259 | A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka \'Microsoft SharePoint Spoofing Vulnerability\'. This CVE ID is unique from CVE-2019-1261. | MEDIUM | Sep 12, 2019 |
CVE-2019-1258 | An elevation of privilege vulnerability exists in Azure Active Directory Authentication Library On-Behalf-Of flow, in the way the library caches tokens, aka \'Azure Active Directory Authentication Library Elevation of Privilege Vulnerability\'. | MEDIUM | Aug 22, 2019 |
CVE-2019-1257 | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka \'Microsoft SharePoint Remote Code Execution Vulnerability\'. This CVE ID is unique from CVE-2019-1295, CVE-2019-1296. | MEDIUM | Sep 12, 2019 |
CVE-2019-1256 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \'Win32k Elevation of Privilege Vulnerability\'. This CVE ID is unique from CVE-2019-1285. | HIGH | Sep 12, 2019 |
CVE-2019-1255 | A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka \'Microsoft Defender Denial of Service Vulnerability\'. | MEDIUM | Sep 24, 2019 |
CVE-2019-1254 | An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk, aka \'Windows Hyper-V Information Disclosure Vulnerability\'. | LOW | Sep 12, 2019 |
CVE-2019-1253 | An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka \'Windows Elevation of Privilege Vulnerability\'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303. | HIGH | Sep 16, 2019 |
CVE-2019-1252 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka \'Windows GDI Information Disclosure Vulnerability\'. This CVE ID is unique from CVE-2019-1286. | MEDIUM | Sep 12, 2019 |
CVE-2019-1251 | An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka \'DirectWrite Information Disclosure Vulnerability\'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1245. | LOW | Sep 12, 2019 |
CVE-2019-1250 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka \'Jet Database Engine Remote Code Execution Vulnerability\'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249. | HIGH | Sep 12, 2019 |
CVE-2019-1249 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka \'Jet Database Engine Remote Code Execution Vulnerability\'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1250. | HIGH | Sep 12, 2019 |
CVE-2019-1248 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka \'Jet Database Engine Remote Code Execution Vulnerability\'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1249, CVE-2019-1250. | HIGH | Sep 12, 2019 |
CVE-2019-1247 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka \'Jet Database Engine Remote Code Execution Vulnerability\'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | HIGH | Sep 12, 2019 |
CVE-2019-1246 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka \'Jet Database Engine Remote Code Execution Vulnerability\'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | HIGH | Sep 12, 2019 |
CVE-2019-1245 | An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka \'DirectWrite Information Disclosure Vulnerability\'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1251. | MEDIUM | Sep 12, 2019 |
CVE-2019-1244 | An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka \'DirectWrite Information Disclosure Vulnerability\'. This CVE ID is unique from CVE-2019-1245, CVE-2019-1251. | MEDIUM | Sep 12, 2019 |
CVE-2019-1243 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka \'Jet Database Engine Remote Code Execution Vulnerability\'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | HIGH | Sep 12, 2019 |
CVE-2019-1242 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka \'Jet Database Engine Remote Code Execution Vulnerability\'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | HIGH | Sep 12, 2019 |
CVE-2019-1241 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka \'Jet Database Engine Remote Code Execution Vulnerability\'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | HIGH | Sep 12, 2019 |
CVE-2019-1240 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka \'Jet Database Engine Remote Code Execution Vulnerability\'. This CVE ID is unique from CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | HIGH | Sep 12, 2019 |
CVE-2019-1239 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka \'VBScript Remote Code Execution Vulnerability\'. This CVE ID is unique from CVE-2019-1238. | HIGH | Oct 11, 2019 |
CVE-2019-1238 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka \'VBScript Remote Code Execution Vulnerability\'. This CVE ID is unique from CVE-2019-1239. | HIGH | Oct 11, 2019 |
CVE-2019-1237 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \'Chakra Scripting Engine Memory Corruption Vulnerability\'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1298, CVE-2019-1300. | HIGH | Sep 12, 2019 |
CVE-2019-1236 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka \'VBScript Remote Code Execution Vulnerability\'. This CVE ID is unique from CVE-2019-1208. | HIGH | Sep 12, 2019 |
CVE-2019-1235 | An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives, aka \'Windows Text Service Framework Elevation of Privilege Vulnerability\'. | HIGH | Sep 12, 2019 |
CVE-2019-1234 | A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka \'Azure Stack Spoofing Vulnerability\'. | MEDIUM | Nov 12, 2019 |
CVE-2019-1233 | A denial of service vulnerability exists in Microsoft Exchange Server software when the software fails to properly handle objects in memory, aka \'Microsoft Exchange Denial of Service Vulnerability\'. | HIGH | Sep 13, 2019 |
CVE-2019-1232 | An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka \'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability\'. | MEDIUM | Sep 12, 2019 |
CVE-2019-1231 | An information disclosure vulnerability exists in the way Rome SDK handles server SSL/TLS certificate validation, aka \'Rome SDK Information Disclosure Vulnerability\'. | MEDIUM | Sep 12, 2019 |
CVE-2019-1230 | An information disclosure vulnerability exists when the Windows Hyper-V Network Switch on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka \'Hyper-V Information Disclosure Vulnerability\'. | MEDIUM | Oct 15, 2019 |
CVE-2019-1229 | An elevation of privilege vulnerability exists in Dynamics On-Premise v9, aka \'Dynamics On-Premise Elevation of Privilege Vulnerability\'. | MEDIUM | Aug 22, 2019 |
CVE-2019-1228 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \'Windows Kernel Information Disclosure Vulnerability\'. This CVE ID is unique from CVE-2019-1227. | LOW | Aug 19, 2019 |
CVE-2019-1227 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \'Windows Kernel Information Disclosure Vulnerability\'. This CVE ID is unique from CVE-2019-1228. | LOW | Aug 19, 2019 |
CVE-2019-1226 | A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka \'Remote Desktop Services Remote Code Execution Vulnerability\'. This CVE ID is unique from CVE-2019-1181, CVE-2019-1182, CVE-2019-1222. | High | Aug 19, 2019 |
CVE-2019-1225 | An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory, aka \'Remote Desktop Protocol Server Information Disclosure Vulnerability\'. This CVE ID is unique from CVE-2019-1224. | MEDIUM | Aug 22, 2019 |
CVE-2019-1224 | An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory, aka \'Remote Desktop Protocol Server Information Disclosure Vulnerability\'. This CVE ID is unique from CVE-2019-1225. | MEDIUM | Aug 22, 2019 |
CVE-2019-1223 | A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka \'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability\'. | MEDIUM | Aug 22, 2019 |
CVE-2019-1222 | A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka \'Remote Desktop Services Remote Code Execution Vulnerability\'. This CVE ID is unique from CVE-2019-1181, CVE-2019-1182, CVE-2019-1226. | High | Aug 19, 2019 |