Latest CVE Feed
-
5.5
MEDIUMCVE-2019-16010
A vulnerability in the web UI of the Cisco SD-WAN vManage software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the vManage software. The vulnerability... Read more
Affected Products : sd-wan_firmware vedge_100 vedge_1000 vedge_100b vedge_100m vedge_100wm vedge_2000 vedge_5000 1100-4g_integrated_services_router 1100-4gltegb_integrated_services_router +2 more products- EPSS Score: %0.24
- Published: Mar. 19, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2019-15118
check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.... Read more
- EPSS Score: %0.14
- Published: Aug. 16, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2019-14562
Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access.... Read more
- EPSS Score: %0.04
- Published: Nov. 23, 2020
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2019-1446
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.... Read more
- EPSS Score: %8.48
- Published: Nov. 12, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2019-1442
A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vul... Read more
Affected Products : sharepoint_server- EPSS Score: %7.10
- Published: Nov. 12, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2019-1440
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1436.... Read more
- EPSS Score: %1.62
- Published: Nov. 12, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2019-13960
In libjpeg-turbo 2.0.2, a large amount of memory can be used during processing of an invalid progressive JPEG image containing incorrect width and height values in the image header. NOTE: the vendor's expectation, for use cases in which this memory usage ... Read more
Affected Products : libjpeg-turbo- EPSS Score: %0.16
- Published: Jul. 18, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2019-1382
An elevation of privilege vulnerability exists when ActiveX Installer service may allow access to files without proper authentication, aka 'Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability'.... Read more
- EPSS Score: %0.35
- Published: Nov. 12, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2019-1344
An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory, aka 'Windows Code Integrity Module Information Disclosure Vulnerability'.... Read more
- EPSS Score: %8.12
- Published: Oct. 10, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2019-12972
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of typ... Read more
- EPSS Score: %0.24
- Published: Jun. 26, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2019-1289
An elevation of privilege vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions, aka 'Windows Update Delivery Optimization Elevation of Privilege Vulnerability'.... Read more
- EPSS Score: %0.21
- Published: Sep. 11, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2019-12455
An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derived_name, which might allow an attacker to cause a denial of service (NULL pointer dereference and sy... Read more
Affected Products : linux_kernel- EPSS Score: %0.07
- Published: May. 30, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2019-12382
An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system... Read more
Affected Products : linux_kernel- EPSS Score: %0.13
- Published: May. 28, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2019-1143
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There a... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +7 more products- EPSS Score: %0.90
- Published: Aug. 14, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2019-1096
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.... Read more
- EPSS Score: %34.56
- Published: Jul. 15, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2019-1071
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1073.... Read more
- EPSS Score: %0.35
- Published: Jul. 15, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2019-1010319
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file... Read more
- EPSS Score: %1.04
- Published: Jul. 11, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2019-1010189
mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impact is: DoS, the program does never terminates. The component is: g3/g32pbm.c. The attack vector is: Local, the user should open a specially crafted file. The fixed version is: 1.2.1.... Read more
Affected Products : mgetty- EPSS Score: %0.16
- Published: Jul. 24, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2019-10021
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.... Read more
Affected Products : xpdf- EPSS Score: %0.16
- Published: Mar. 25, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2019-14292
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1.... Read more
Affected Products : xpdfreader- EPSS Score: %0.17
- Published: Jul. 27, 2019
- Modified: Nov. 21, 2024