Filtered by vendor Microsoft
Subscribe
Search
Total
16927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14212 | 2 Foxitsoftware, Microsoft | 2 Phantompdf, Windows | 2019-07-22 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling certain XFA JavaScript due to the use of, or access to, a NULL pointer without proper validation on the object. | |||||
| CVE-2019-14208 | 2 Foxitsoftware, Microsoft | 2 Phantompdf, Windows | 2019-07-22 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a NULL pointer dereference and crash when getting a PDF object from a document, or parsing a certain portfolio that contains a null dictionary. | |||||
| CVE-2019-7963 | 3 Adobe, Apple, Microsoft | 3 Bridge Cc, Mac Os X, Windows | 2019-07-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Bridge CC version 9.0.2 and earlier versions have an out of bound read vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. | |||||
| CVE-2019-7843 | 3 Adobe, Linux, Microsoft | 3 Campaign, Linux Kernel, Windows | 2019-07-22 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Insufficient input validation vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. | |||||
| CVE-2019-7847 | 3 Adobe, Linux, Microsoft | 3 Campaign, Linux Kernel, Windows | 2019-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper Restriction of XML External Entity Reference ('XXE') vulnerability. Successful exploitation could lead to Arbitrary read access to the file system in the context of the current user. | |||||
| CVE-2019-7850 | 3 Adobe, Linux, Microsoft | 3 Campaign, Linux Kernel, Windows | 2019-07-19 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Campaign Classic version 18.10.5-8984 and earlier versions have a Command injection vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user. | |||||
| CVE-2019-1072 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2019-07-19 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'. | |||||
| CVE-2019-1134 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2019-07-19 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | |||||
| CVE-2019-1109 | 1 Microsoft | 2 Office, Office 365 | 2019-07-19 | 6.4 MEDIUM | 9.1 CRITICAL |
| A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents.An attacker who successfully exploited this vulnerability could read or write information in Office documents.The security update addresses the vulnerability by correcting the way that Microsoft Office Javascript verifies trusted web pages., aka 'Microsoft Office Spoofing Vulnerability'. | |||||
| CVE-2019-1075 | 1 Microsoft | 1 Asp.net Core | 2019-07-19 | 5.8 MEDIUM | 6.1 MEDIUM |
| A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'. | |||||
| CVE-2019-1113 | 1 Microsoft | 10 .net Framework, Visual Studio 2017, Windows 10 and 7 more | 2019-07-19 | 6.8 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. | |||||
| CVE-2019-0811 | 1 Microsoft | 3 Windows Server 2012, Windows Server 2016, Windows Server 2019 | 2019-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists in Windows DNS Server when it fails to properly handle DNS queries, aka 'Windows DNS Server Denial of Service Vulnerability'. | |||||
| CVE-2019-0966 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-07-18 | 5.5 MEDIUM | 6.8 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. | |||||
| CVE-2019-1076 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2019-07-18 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. | |||||
| CVE-2011-1300 | 3 Google, Microsoft, Mozilla | 3 Chrome, Windows, Firefox | 2019-07-18 | 10.0 HIGH | N/A |
| The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google Chrome before 10.0.648.205 on Windows, allows remote attackers to execute arbitrary code via unspecified vectors, related to an "off-by-three" error. | |||||
| CVE-2012-0779 | 5 Adobe, Apple, Google and 2 more | 5 Flash Player, Mac Os X, Android and 2 more | 2019-07-18 | 9.3 HIGH | N/A |
| Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and before 11.1.115.8 on Android 4.x allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability," as exploited in the wild in May 2012. | |||||
| CVE-2019-1116 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2019-07-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1095, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101. | |||||
| CVE-2019-1083 | 1 Microsoft | 9 .net Framework, Windows 10, Windows 7 and 6 more | 2019-07-17 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka '.NET Denial of Service Vulnerability'. | |||||
| CVE-2019-1091 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-07-17 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Unistore.dll fails to properly handle objects in memory, aka 'Microsoft unistore.dll Information Disclosure Vulnerability'. | |||||
| CVE-2019-1108 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-07-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Client Information Disclosure Vulnerability'. | |||||
| CVE-2019-1112 | 1 Microsoft | 2 Office, Office 365 Proplus | 2019-07-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. | |||||
| CVE-2019-1096 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-07-17 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | |||||
| CVE-2019-1097 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-07-16 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1093. | |||||
| CVE-2019-1093 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-07-16 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1097. | |||||
| CVE-2019-0867 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2019-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871. | |||||
| CVE-2019-0868 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2019-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0870, CVE-2019-0871. | |||||
| CVE-2019-0866 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2019-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0867, CVE-2019-0868, CVE-2019-0870, CVE-2019-0871. | |||||
| CVE-2019-0979 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2019-07-16 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0872. | |||||
| CVE-2019-0874 | 1 Microsoft | 1 Azure Devops Server | 2019-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'. | |||||
| CVE-2019-0872 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2019-07-16 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0979. | |||||
| CVE-2019-0871 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2019-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0870. | |||||
| CVE-2019-0870 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2019-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user provided input, aka 'Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability'. This CVE ID is unique from CVE-2019-0866, CVE-2019-0867, CVE-2019-0868, CVE-2019-0871. | |||||
| CVE-2019-0996 | 1 Microsoft | 1 Azure Devops Server | 2019-07-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery, aka 'Azure DevOps Server Spoofing Vulnerability'. | |||||
| CVE-2019-1071 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-07-16 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1073. | |||||
| CVE-2019-1073 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-07-16 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071. | |||||
| CVE-2019-12574 | 2 Londontrustmedia, Microsoft | 2 Private Internet Access Vpn Client, Windows | 2019-07-16 | 9.3 HIGH | 7.8 HIGH |
| A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v1.0 for Windows could allow an authenticated, local attacker to run arbitrary code with elevated privileges. The PIA client is vulnerable to a DLL injection vulnerability during the software update process. The updater loads several libraries from a folder that authenticated users have write access to. A low privileged user can leverage this vulnerability to execute arbitrary code as SYSTEM. | |||||
| CVE-2019-13374 | 2 Dlink, Microsoft | 2 Central Wifimanager, Windows | 2019-07-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to inject arbitrary web script or HTML via the index.php/Pay/passcodeAuth passcode parameter. | |||||
| CVE-2019-13375 | 2 Dlink, Microsoft | 2 Central Wifimanager, Windows | 2019-07-09 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL Injection was discovered in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 in PayAction.class.php with the index.php/Pay/passcodeAuth parameter passcode. The vulnerability does not need any authentication. | |||||
| CVE-2019-13373 | 2 Dlink, Microsoft | 2 Central Wifimanager, Windows | 2019-07-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL. | |||||
| CVE-2019-4154 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2019-07-04 | 7.2 HIGH | 7.8 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 158519. | |||||
| CVE-2019-4102 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2019-07-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092. | |||||
| CVE-2017-7269 | 1 Microsoft | 2 Internet Information Server, Windows Server 2003 | 2019-07-03 | 10.0 HIGH | 9.8 CRITICAL |
| Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. | |||||
| CVE-2007-1278 | 2 Adobe, Microsoft | 3 Coldfusion, Jrun, Internet Information Server | 2019-07-03 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root. | |||||
| CVE-2003-1582 | 1 Microsoft | 1 Internet Information Server | 2019-07-03 | 2.6 LOW | N/A |
| Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue. | |||||
| CVE-2017-8533 | 1 Microsoft | 8 Office, Windows 10, Windows 7 and 5 more | 2019-06-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8532. | |||||
| CVE-2018-20505 | 3 Apple, Microsoft, Sqlite | 7 Icloud, Iphone Os, Itunes and 4 more | 2019-06-19 | 5.0 MEDIUM | 7.5 HIGH |
| SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). | |||||
| CVE-2019-5678 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2019-06-19 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure. | |||||
| CVE-2018-19448 | 2 Foxitsoftware, Microsoft | 2 Foxit Pdf Sdk Activex, Windows | 2019-06-18 | 6.8 MEDIUM | 7.8 HIGH |
| In Foxit Reader SDK (ActiveX) Professional 5.4.0.1031, an uninitialized object in IReader_ContentProvider::GetDocEventHandler occurs when embedding the control into Office documents. By opening a specially crafted document, an attacker can trigger an out of bounds write condition, possibly leveraging this to gain remote code execution. | |||||
| CVE-2018-19449 | 2 Foxitsoftware, Microsoft | 2 Foxit Pdf Sdk Activex, Windows | 2019-06-18 | 6.8 MEDIUM | 7.8 HIGH |
| A File Write can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API Doc.exportAsFDF is used. An attacker can leverage this to gain remote code execution. | |||||
| CVE-2018-19444 | 2 Foxitsoftware, Microsoft | 2 Foxit Pdf Sdk Activex, Windows | 2019-06-18 | 6.8 MEDIUM | 7.8 HIGH |
| A use after free in the TextBox field Validate action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19452, this has a different free location and requires different JavaScript code for exploitation. | |||||