CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1351 CVE-2019-1617 913 DoS 2019-03-11 2019-10-09
6.1
None Local Network Low Not required None None Complete
A vulnerability in the Fibre Channel over Ethernet (FCoE) N-port Virtualization (NPV) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to an incorrect processing of FCoE packets when the fcoe-npv feature is uninstalled. An attacker could exploit this vulnerability by sending a stream of FCoE frames from an adjacent host to an affected device. An exploit could allow the attacker to cause packet amplification to occur, resulting in the saturation of interfaces and a DoS condition. Nexus 9000 Series Switches in Standalone NX-OS Mode are affected running software versions prior to 7.0(3)I7(5) and 9.2(2).
1352 CVE-2019-1595 913 DoS 2019-03-06 2019-10-09
6.1
None Local Network Low Not required None None Complete
A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an incorrect allocation of an internal interface index. An adjacent attacker with the ability to submit a crafted FCoE packet that crosses affected interfaces could trigger this vulnerability. A successful exploit could allow the attacker to cause a packet loop and high throughput on the affected interfaces, resulting in a DoS condition. This vulnerability has been fixed in version 7.3(5)N1(1).
1353 CVE-2019-1594 20 DoS 2019-03-06 2019-10-09
6.1
None Local Network Low Not required None None Complete
A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation of Extensible Authentication Protocol over LAN (EAPOL) frames. An attacker could exploit this vulnerability by sending a crafted EAPOL frame to an interface on the targeted device. A successful exploit could allow the attacker to cause the Layer 2 (L2) forwarding process to restart multiple times, leading to a system-level restart of the device and a DoS condition. Note: This vulnerability affects only NX-OS devices configured with 802.1X functionality. Cisco Nexus 1000V Switch for VMware vSphere devices are affected in versions prior to 5.2(1)SV3(1.4b). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.3(5)N1(1) and 7.1(5)N1(1b). Nexus 7000 and 7700 Series Switches are affected in versions prior to 8.2(3). Nexus 9000 Series Fabric Switches in ACI Mode are affected in versions prior to 13.2(1l). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(4).
1354 CVE-2019-1590 295 2019-05-03 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability in the Transport Layer Security (TLS) certificate validation functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to perform insecure TLS client authentication on an affected device. The vulnerability is due to insufficient TLS client certificate validations for certificates sent between the various components of an ACI fabric. An attacker who has possession of a certificate that is trusted by the Cisco Manufacturing CA and the corresponding private key could exploit this vulnerability by presenting a valid certificate while attempting to connect to the targeted device. An exploit could allow the attacker to gain full control of all other components within the ACI fabric of an affected device.
1355 CVE-2019-1584 20 Exec Code 2019-10-09 2019-10-11
6.8
None Remote Medium Not required Partial Partial Partial
A security vulnerability exists in Zingbox Inspector version 1.293 and earlier, that allows for remote code execution if the Inspector were sent a malicious command from the Zingbox cloud, or if the Zingbox Inspector were tampered with to connect to an attacker's cloud endpoint.
1356 CVE-2019-1583 264 2019-08-23 2019-08-30
6.0
None Remote Medium Single system Partial Partial Partial
Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and earlier allows a Twistlock user with Operator capabilities to escalate privileges to that of another user. Active interaction with an affected component is required for the payload to execute on the victim.
1357 CVE-2019-1582 119 Overflow Mem. Corr. 2019-08-23 2019-08-30
6.5
None Remote Low Single system Partial Partial Partial
Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session.
1358 CVE-2019-1579 20 Exec Code 2019-07-19 2019-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code.
1359 CVE-2019-1577 94 2019-07-01 2019-07-08
6.5
None Remote Low Single system Partial Partial Partial
Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML.
1360 CVE-2019-1576 77 2019-07-16 2019-10-10
6.5
None Remote Low Single system Partial Partial Partial
Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user?s permissions.
1361 CVE-2019-1575 200 +Info 2019-07-16 2019-07-19
6.5
None Remote Low Single system Partial Partial Partial
Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges to extract the API key of the device and/or the username/password from the XML API (in PAN-OS) and possibly escalate privileges granted to them.
1362 CVE-2019-1302 20 2019-09-11 2019-09-12
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'.
1363 CVE-2019-1296 20 Exec Code 2019-09-11 2019-09-12
6.5
None Remote Low Single system Partial Partial Partial
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295.
1364 CVE-2019-1295 20 Exec Code 2019-09-11 2019-09-12
6.5
None Remote Low Single system Partial Partial Partial
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1296.
1365 CVE-2019-1292 119 DoS Overflow 2019-09-11 2019-09-12
6.8
None Remote Low Single system None None Complete
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.
1366 CVE-2019-1264 20 Bypass 2019-09-11 2019-09-12
6.8
None Remote Medium Not required Partial Partial Partial
A security feature bypass vulnerability exists when Microsoft Office improperly handles input, aka 'Microsoft Office Security Feature Bypass Vulnerability'.
1367 CVE-2019-1261 352 CSRF 2019-09-11 2019-09-12
6.8
None Remote Medium Not required Partial Partial Partial
A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1259.
1368 CVE-2019-1259 352 CSRF 2019-09-11 2019-09-12
6.8
None Remote Medium Not required Partial Partial Partial
A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1261.
1369 CVE-2019-1258 264 2019-08-14 2019-08-22
6.5
None Remote Low Single system Partial Partial Partial
An elevation of privilege vulnerability exists in Azure Active Directory Authentication Library On-Behalf-Of flow, in the way the library caches tokens, aka 'Azure Active Directory Authentication Library Elevation of Privilege Vulnerability'.
1370 CVE-2019-1257 20 Exec Code 2019-09-11 2019-09-12
6.5
None Remote Low Single system Partial Partial Partial
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1295, CVE-2019-1296.
1371 CVE-2019-1229 264 2019-08-14 2019-08-22
6.5
None Remote Low Single system Partial Partial Partial
An elevation of privilege vulnerability exists in Dynamics On-Premise v9, aka 'Dynamics On-Premise Elevation of Privilege Vulnerability'.
1372 CVE-2019-1161 264 2019-08-14 2019-08-22
6.6
None Local Low Not required None Complete Complete
An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'.
1373 CVE-2019-1113 20 Exec Code 2019-07-15 2019-07-19
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'.
1374 CVE-2019-1109 20 2019-07-15 2019-07-19
6.4
None Remote Low Not required Partial Partial None
A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents.An attacker who successfully exploited this vulnerability could read or write information in Office documents.The security update addresses the vulnerability by correcting the way that Microsoft Office Javascript verifies trusted web pages., aka 'Microsoft Office Spoofing Vulnerability'.
1375 CVE-2019-1077 264 2019-07-15 2019-07-19
6.6
None Local Low Not required None Complete Complete
An elevation of privilege vulnerability exists when the Visual Studio updater service improperly handles file permissions, aka 'Visual Studio Elevation of Privilege Vulnerability'.
1376 CVE-2019-1068 20 Exec Code 2019-07-15 2019-07-16
6.5
None Remote Low Single system Partial Partial Partial
A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'.
1377 CVE-2019-1037 264 2019-07-15 2019-07-17
6.9
None Local Medium Not required Complete Complete Complete
An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.
1378 CVE-2019-1019 254 Bypass 2019-06-12 2019-07-19
6.0
None Remote Medium Single system Partial Partial Partial
A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'.
1379 CVE-2019-0995 254 Bypass 2019-05-16 2019-05-20
6.8
None Remote Medium Not required Partial Partial Partial
A security feature bypass vulnerability exists when urlmon.dll improperly handles certain Mark of the Web queries, aka 'Internet Explorer Security Feature Bypass Vulnerability'.
1380 CVE-2019-0985 119 Exec Code Overflow 2019-06-12 2019-06-13
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability exists when the Microsoft Speech API (SAPI) improperly handles text-to-speech (TTS) input, aka 'Microsoft Speech API Remote Code Execution Vulnerability'.
1381 CVE-2019-0975 254 Bypass 2019-07-15 2019-07-22
6.8
None Remote Medium Not required Partial Partial Partial
A security feature bypass vulnerability exists when Active Directory Federation Services (ADFS) improperly updates its list of banned IP addresses. To exploit this vulnerability, an attacker would have to convince a victim ADFS administrator to update the list of banned IP addresses. This security update corrects how ADFS updates its list of banned IP addresses., aka 'ADFS Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-1126.
1382 CVE-2019-0972 254 DoS 2019-06-12 2019-06-13
6.8
None Remote Low Single system None None Complete
This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Denial of Service Vulnerability'.
1383 CVE-2019-0958 264 2019-05-16 2019-05-17
6.5
None Remote Low Single system Partial Partial Partial
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0957.
1384 CVE-2019-0957 264 2019-05-16 2019-05-17
6.5
None Remote Low Single system Partial Partial Partial
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0958.
1385 CVE-2019-0952 254 Exec Code 2019-05-16 2019-06-10
6.5
None Remote Low Single system Partial Partial Partial
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.
1386 CVE-2019-0938 264 2019-05-16 2019-05-20
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka 'Microsoft Edge Elevation of Privilege Vulnerability'.
1387 CVE-2019-0931 264 2019-05-16 2019-05-20
6.9
None Local Medium Not required Complete Complete Complete
An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'.
1388 CVE-2019-0827 20 Exec Code 2019-04-09 2019-04-10
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0825, CVE-2019-0826.
1389 CVE-2019-0826 20 Exec Code 2019-04-09 2019-04-10
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0825, CVE-2019-0827.
1390 CVE-2019-0825 20 Exec Code 2019-04-09 2019-04-10
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0826, CVE-2019-0827.
1391 CVE-2019-0824 20 Exec Code 2019-04-09 2019-04-10
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0825, CVE-2019-0826, CVE-2019-0827.
1392 CVE-2019-0823 20 Exec Code 2019-04-09 2019-04-10
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0824, CVE-2019-0825, CVE-2019-0826, CVE-2019-0827.
1393 CVE-2019-0809 426 Exec Code 2019-04-08 2019-04-09
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability exists when the Visual Studio C++ Redistributable Installer improperly validates input before loading dynamic link library (DLL) files, aka 'Visual Studio Remote Code Execution Vulnerability'.
1394 CVE-2019-0801 19 Exec Code 2019-04-09 2019-04-15
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability exists when Microsoft Office fails to properly handle certain files.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file that points to an Excel or PowerPoint file that was also downloaded.The update addresses the vulnerability by correcting how Office handles these files., aka 'Office Remote Code Execution Vulnerability'.
1395 CVE-2019-0716 119 DoS Overflow 2019-08-14 2019-08-19
6.8
None Remote Low Single system None None Complete
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.
1396 CVE-2019-0707 264 2019-05-16 2019-05-21
6.9
None Local Medium Not required Complete Complete Complete
An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it.To exploit the vulnerability, in a local attack scenario, an attacker could run a specially crafted application to elevate the attacker's privilege level, aka 'Windows NDIS Elevation of Privilege Vulnerability'.
1397 CVE-2019-0604 20 Exec Code 2019-03-05 2019-06-10
6.5
None Remote Low Single system Partial Partial Partial
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.
1398 CVE-2019-0594 20 Exec Code 2019-03-05 2019-06-10
6.5
None Remote Low Single system Partial Partial Partial
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0604.
1399 CVE-2019-0574 264 2019-01-08 2019-01-15
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0572, CVE-2019-0573.
1400 CVE-2019-0573 264 2019-01-08 2019-01-15
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0572, CVE-2019-0574.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.