Total: 22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12164 | 1 Status | 1 React Native Desktop | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| ubuntu-server.js in Status React Native Desktop before v0.57.8_mobile_ui allows Remote Code Execution. | |||||
| CVE-2019-1226 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1181, CVE-2019-1182, CVE-2019-1222. | |||||
| CVE-2019-12180 | 1 Smartbear | 2 Readyapi, Soapui | 2020-08-24 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code (Java scripting language) on the victim machine by inducing it to open a malicious Project. The same issue is present in the "Save Script" function, which is executed automatically when saving a project. | |||||
| CVE-2019-12204 | 1 Silverstripe | 1 Silverstripe | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| In SilverStripe through 4.3.3, a missing warning about leaving install.php in a public webroot can lead to unauthenticated admin access. | |||||
| CVE-2019-1222 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1181, CVE-2019-1182, CVE-2019-1226. | |||||
| CVE-2019-1223 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability'. | |||||
| CVE-2019-12243 | 1 Istio | 1 Istio | 2020-08-24 | 5.4 MEDIUM | 7.5 HIGH |
| Istio 1.1.x through 1.1.6 has Incorrect Access Control. | |||||
| CVE-2019-12278 | 1 Opera | 1 Opera | 2020-08-24 | 4.3 MEDIUM | 4.3 MEDIUM |
| Opera through 53 on Android allows Address Bar Spoofing. Characters from several languages are displayed in Right-to-Left order, due to mishandling of several Unicode characters. The rendering mechanism, in conjunction with the "first strong character" concept, may improperly operate on a numerical IP address or an alphabetic string, leading to a spoofed URL. | |||||
| CVE-2019-1229 | 1 Microsoft | 1 Dynamics 365 | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An elevation of privilege vulnerability exists in Dynamics On-Premise v9, aka 'Dynamics On-Premise Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-12291 | 1 Hashicorp | 1 Consul | 2020-08-24 | 6.4 MEDIUM | 7.5 HIGH |
| HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Keys not matching a specific ACL rule used for prefix matching in a policy can be deleted by a token using that policy even with default deny settings configured. | |||||
| CVE-2019-12292 | 1 Citrix | 1 Appdna | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control. | |||||
| CVE-2019-12301 | 1 Percona | 1 Percona Server | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| The Percona Server 5.6.44-85.0-1 packages for Debian and Ubuntu suffered an issue where the server would reset the root password to a blank value upon an upgrade. This was fixed in 5.6.44-85.0-2. | |||||
| CVE-2019-1233 | 1 Microsoft | 1 Exchange Server | 2020-08-24 | 7.8 HIGH | 7.5 HIGH |
| A denial of service vulnerability exists in Microsoft Exchange Server software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Denial of Service Vulnerability'. | |||||
| CVE-2019-1238 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2020-08-24 | 7.1 HIGH | 6.4 MEDIUM |
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1239. | |||||
| CVE-2019-1239 | 1 Microsoft | 3 Internet Explorer, Windows 10, Windows Server 2019 | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1238. | |||||
| CVE-2019-1240 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | |||||
| CVE-2019-12413 | 1 Apache | 1 Incubator Superset | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Apache Incubator Superset before 0.31, a user could query database metadata information from a database he has no access to, by using a specially crafted complex query. | |||||
| CVE-2019-1242 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | |||||
| CVE-2019-12426 | 1 Apache | 1 Ofbiz | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| An unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06. | |||||
| CVE-2019-12428 | 1 Gitlab | 1 Gitlab | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in GitLab Community and Enterprise Edition 6.8 through 11.11. Users could bypass the mandatory external authentication provider sign-in restrictions by sending a specially crafted request. It has Improper Authorization. | |||||
