| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-1302 |
20 |
|
|
2019-09-11 |
2019-09-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'. |
|
2 |
CVE-2019-1296 |
20 |
|
Exec Code |
2019-09-11 |
2019-09-12 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295. |
|
3 |
CVE-2019-1295 |
20 |
|
Exec Code |
2019-09-11 |
2019-09-12 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1296. |
|
4 |
CVE-2019-1292 |
119 |
|
DoS Overflow |
2019-09-11 |
2019-09-12 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
|
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. |
|
5 |
CVE-2019-1264 |
20 |
|
Bypass |
2019-09-11 |
2019-09-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A security feature bypass vulnerability exists when Microsoft Office improperly handles input, aka 'Microsoft Office Security Feature Bypass Vulnerability'. |
|
6 |
CVE-2019-1261 |
352 |
|
CSRF |
2019-09-11 |
2019-09-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1259. |
|
7 |
CVE-2019-1259 |
352 |
|
CSRF |
2019-09-11 |
2019-09-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1261. |
|
8 |
CVE-2019-1258 |
264 |
|
|
2019-08-14 |
2019-08-22 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
An elevation of privilege vulnerability exists in Azure Active Directory Authentication Library On-Behalf-Of flow, in the way the library caches tokens, aka 'Azure Active Directory Authentication Library Elevation of Privilege Vulnerability'. |
|
9 |
CVE-2019-1257 |
20 |
|
Exec Code |
2019-09-11 |
2019-09-12 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1295, CVE-2019-1296. |
|
10 |
CVE-2019-1229 |
264 |
|
|
2019-08-14 |
2019-08-22 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
An elevation of privilege vulnerability exists in Dynamics On-Premise v9, aka 'Dynamics On-Premise Elevation of Privilege Vulnerability'. |
|
11 |
CVE-2019-1161 |
264 |
|
|
2019-08-14 |
2019-08-22 |
6.6 |
None |
Local |
Low |
Not required |
None |
Complete |
Complete |
|
An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'. |
|
12 |
CVE-2019-1113 |
20 |
|
Exec Code |
2019-07-15 |
2019-07-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. |
|
13 |
CVE-2019-1109 |
20 |
|
|
2019-07-15 |
2019-07-19 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents.An attacker who successfully exploited this vulnerability could read or write information in Office documents.The security update addresses the vulnerability by correcting the way that Microsoft Office Javascript verifies trusted web pages., aka 'Microsoft Office Spoofing Vulnerability'. |
|
14 |
CVE-2019-1077 |
264 |
|
|
2019-07-15 |
2019-07-19 |
6.6 |
None |
Local |
Low |
Not required |
None |
Complete |
Complete |
|
An elevation of privilege vulnerability exists when the Visual Studio updater service improperly handles file permissions, aka 'Visual Studio Elevation of Privilege Vulnerability'. |
|
15 |
CVE-2019-1068 |
20 |
|
Exec Code |
2019-07-15 |
2019-07-16 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'. |
|
16 |
CVE-2019-1037 |
264 |
|
|
2019-07-15 |
2019-07-17 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. |
|
17 |
CVE-2019-1019 |
254 |
|
Bypass |
2019-06-12 |
2019-07-19 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages.To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows Security Feature Bypass Vulnerability'. |
|
18 |
CVE-2019-0995 |
254 |
|
Bypass |
2019-05-16 |
2019-05-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A security feature bypass vulnerability exists when urlmon.dll improperly handles certain Mark of the Web queries, aka 'Internet Explorer Security Feature Bypass Vulnerability'. |
|
19 |
CVE-2019-0985 |
119 |
|
Exec Code Overflow |
2019-06-12 |
2019-06-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A remote code execution vulnerability exists when the Microsoft Speech API (SAPI) improperly handles text-to-speech (TTS) input, aka 'Microsoft Speech API Remote Code Execution Vulnerability'. |
|
20 |
CVE-2019-0975 |
254 |
|
Bypass |
2019-07-15 |
2019-07-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A security feature bypass vulnerability exists when Active Directory Federation Services (ADFS) improperly updates its list of banned IP addresses. To exploit this vulnerability, an attacker would have to convince a victim ADFS administrator to update the list of banned IP addresses. This security update corrects how ADFS updates its list of banned IP addresses., aka 'ADFS Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-1126. |
|
21 |
CVE-2019-0972 |
254 |
|
DoS |
2019-06-12 |
2019-06-13 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
|
This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Denial of Service Vulnerability'. |
|
22 |
CVE-2019-0958 |
264 |
|
|
2019-05-16 |
2019-05-17 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0957. |
|
23 |
CVE-2019-0957 |
264 |
|
|
2019-05-16 |
2019-05-17 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0958. |
|
24 |
CVE-2019-0952 |
254 |
|
Exec Code |
2019-05-16 |
2019-06-10 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'. |
|
25 |
CVE-2019-0938 |
264 |
|
|
2019-05-16 |
2019-05-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka 'Microsoft Edge Elevation of Privilege Vulnerability'. |
|
26 |
CVE-2019-0931 |
264 |
|
|
2019-05-16 |
2019-05-20 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'. |
|
27 |
CVE-2019-0827 |
20 |
|
Exec Code |
2019-04-09 |
2019-04-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0825, CVE-2019-0826. |
|
28 |
CVE-2019-0826 |
20 |
|
Exec Code |
2019-04-09 |
2019-04-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0825, CVE-2019-0827. |
|
29 |
CVE-2019-0825 |
20 |
|
Exec Code |
2019-04-09 |
2019-04-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0826, CVE-2019-0827. |
|
30 |
CVE-2019-0824 |
20 |
|
Exec Code |
2019-04-09 |
2019-04-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0825, CVE-2019-0826, CVE-2019-0827. |
|
31 |
CVE-2019-0823 |
20 |
|
Exec Code |
2019-04-09 |
2019-04-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0824, CVE-2019-0825, CVE-2019-0826, CVE-2019-0827. |
|
32 |
CVE-2019-0809 |
426 |
|
Exec Code |
2019-04-08 |
2019-04-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A remote code execution vulnerability exists when the Visual Studio C++ Redistributable Installer improperly validates input before loading dynamic link library (DLL) files, aka 'Visual Studio Remote Code Execution Vulnerability'. |
|
33 |
CVE-2019-0801 |
19 |
|
Exec Code |
2019-04-09 |
2019-04-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A remote code execution vulnerability exists when Microsoft Office fails to properly handle certain files.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file that points to an Excel or PowerPoint file that was also downloaded.The update addresses the vulnerability by correcting how Office handles these files., aka 'Office Remote Code Execution Vulnerability'. |
|
34 |
CVE-2019-0716 |
119 |
|
DoS Overflow |
2019-08-14 |
2019-08-19 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
|
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. |
|
35 |
CVE-2019-0707 |
264 |
|
|
2019-05-16 |
2019-05-21 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it.To exploit the vulnerability, in a local attack scenario, an attacker could run a specially crafted application to elevate the attacker's privilege level, aka 'Windows NDIS Elevation of Privilege Vulnerability'. |
|
36 |
CVE-2019-0604 |
20 |
|
Exec Code |
2019-03-05 |
2019-06-10 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594. |
|
37 |
CVE-2019-0594 |
20 |
|
Exec Code |
2019-03-05 |
2019-06-10 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0604. |
|
38 |
CVE-2019-0574 |
264 |
|
|
2019-01-08 |
2019-01-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0572, CVE-2019-0573. |
|
39 |
CVE-2019-0573 |
264 |
|
|
2019-01-08 |
2019-01-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0572, CVE-2019-0574. |
|
40 |
CVE-2019-0572 |
264 |
|
|
2019-01-08 |
2019-01-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0573, CVE-2019-0574. |
|
41 |
CVE-2019-0571 |
264 |
|
|
2019-01-08 |
2019-01-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0572, CVE-2019-0573, CVE-2019-0574. |
|
42 |
CVE-2019-0566 |
264 |
|
|
2019-01-08 |
2019-01-15 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. |
|
43 |
CVE-2018-8635 |
20 |
|
|
2018-12-11 |
2019-10-02 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka "Microsoft SharePoint Server Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. |
|
44 |
CVE-2018-8592 |
|
|
|
2018-11-13 |
2019-10-02 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability exists in Windows 10 version 1809 when installed from physical media (USB, DVD, etc, aka "Windows Elevation Of Privilege Vulnerability." This affects Windows 10, Windows Server 2019. |
|
45 |
CVE-2018-8569 |
20 |
|
Exec Code |
2018-10-23 |
2019-01-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A remote code execution vulnerability exists in the Yammer desktop application due to the loading of arbitrary content, aka "Yammer Desktop Application Remote Code Execution Vulnerability." This affects Yammer Desktop App. |
|
46 |
CVE-2018-8479 |
295 |
|
|
2018-09-12 |
2018-12-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A spoofing vulnerability exists for the Azure IoT Device Provisioning for the C SDK library using the HTTP protocol on Windows platform, aka "Azure IoT SDK Spoofing Vulnerability." This affects C SDK. |
|
47 |
CVE-2018-8475 |
20 |
|
Exec Code |
2018-09-12 |
2018-11-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A remote code execution vulnerability exists when Windows does not properly handle specially crafted image files, aka "Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. |
|
48 |
CVE-2018-8438 |
20 |
|
DoS |
2018-09-12 |
2018-11-02 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
|
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8436, CVE-2018-8437. |
|
49 |
CVE-2018-8399 |
404 |
|
|
2018-08-15 |
2019-10-02 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8404. |
|
50 |
CVE-2018-8339 |
20 |
|
|
2018-08-15 |
2019-10-02 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior, aka "Windows Installer Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. |
