Total
33997 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1265 | 1 Microsoft | 1 Yammer | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A security feature bypass vulnerability exists when Microsoft Yammer App for Android fails to apply the correct Intune MAM Policy.This could allow an attacker to perform functions that are restricted by Intune Policy.The security update addresses the vulnerability by correcting the way the policy is applied to Yammer App., aka 'Microsoft Yammer Security Feature Bypass Vulnerability'. | |||||
| CVE-2019-1260 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-1258 | 1 Microsoft | 2 Active Directory Authentication Library, Nuget | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An elevation of privilege vulnerability exists in Azure Active Directory Authentication Library On-Behalf-Of flow, in the way the library caches tokens. This vulnerability allows an authenticated attacker to perform actions in context of another user. The authenticated attacker can exploit this vulneraiblity by accessing a service configured for On-Behalf-Of flow that assigns incorrect tokens. This security update addresses the vulnerability by removing fallback cache look-up for On-Behalf-Of scenarios. | |||||
| CVE-2019-1256 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1285. | |||||
| CVE-2019-1255 | 1 Microsoft | 12 Forefront Endpoint Protection 2010, Security Essentials, System Center Endpoint Protection and 9 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'. | |||||
| CVE-2019-1250 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249. | |||||
| CVE-2019-1249 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1250. | |||||
| CVE-2019-1248 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1249, CVE-2019-1250. | |||||
| CVE-2019-1247 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | |||||
| CVE-2019-1246 | 1 Microsoft | 10 Office, Office 365 Proplus, Windows 10 and 7 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | |||||
| CVE-2019-1243 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | |||||
| CVE-2019-1242 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1241, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | |||||
| CVE-2019-1241 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1240, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | |||||
| CVE-2019-1240 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250. | |||||
| CVE-2019-1239 | 1 Microsoft | 3 Internet Explorer, Windows 10, Windows Server 2019 | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1238. | |||||
| CVE-2019-1238 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2024-11-21 | 7.1 HIGH | 6.4 MEDIUM |
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1239. | |||||
| CVE-2019-1233 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A denial of service vulnerability exists in Microsoft Exchange Server software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Denial of Service Vulnerability'. | |||||
| CVE-2019-1232 | 1 Microsoft | 6 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 3 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-1229 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An elevation of privilege vulnerability exists in Dynamics On-Premise v9. An attacker who successfully exploited the vulnerability could leverage a customizer privilege within Dynamics to gain control of the Web Role hosting the Dynamics installation. To exploit this vulnerability, an attacker needs to have credentials for a user that has permission to author customized business rules in Dynamics, and persist XAML script in a way that causes it to be interpreted as code. The update addresses the vulnerability by restricting XAML activities to a whitelisted set. | |||||
| CVE-2019-1226 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. | |||||