| ID | Summary | Flags | Max Score |
|---|---|---|---|
| CVE-2019-0001 | Junos OS: MX Series: uncontrolled recursion and crash in Broadband Edge subscriber management daemon (bbe-smgd). | S | |
| CVE-2019-0002 | Junos OS: EX2300 and EX3400 series: Certain stateless firewall filter rules might not take effect | S | |
| CVE-2019-0003 | Junos OS: A flowspec BGP update with a specific term-order causes routing protocol daemon (rpd) process to crash with a core. | S | |
| CVE-2019-0004 | Juniper ATP: API and device keys are logged in a world-readable permissions file | S | |
| CVE-2019-0005 | On EX2300, EX3400, EX4600, QFX3K and QFX5K series, firewall filter configuration cannot perform pack... | | |
| CVE-2019-0006 | Junos OS: EX, QFX and MX series: Packet Forwarding Engine manager (FXPC) process crashes due to a crafted HTTP packet in a Virtual Chassis configuration | S | |
| CVE-2019-0007 | Junos OS: vMX series: Predictable IP ID sequence numbers vulnerability | S | |
| CVE-2019-0008 | QFX5000 Series, EX4300, EX4600: A stack buffer overflow vulnerability in Packet Forwarding Engine manager (FXPC) process | S | |
| CVE-2019-0009 | Junos OS: EX2300 and EX3400: High disk I/O operations may disrupt the communication between RE and PFE | S | |
| CVE-2019-0010 | Junos OS: SRX Series: Crafted HTTP traffic may cause UTM to consume all mbufs, leading to Denial of Service | S | |
| CVE-2019-0011 | Junos OS: Kernel crash after processing specific incoming packet to the out of band management interface (CVE-2019-0011) | S | |
| CVE-2019-0012 | Junos OS: rpd crash on VPLS PE upon receipt of specific BGP message | S | |
| CVE-2019-0013 | Junos OS: RPD crash upon receipt of malformed PIM packet | S | |
| CVE-2019-0014 | Junos OS: QFX and PTX Series: FPC process crashes after J-Flow processes a malformed packet | S | |
| CVE-2019-0015 | Junos OS: SRX Series: Deleted dynamic VPN users are allowed to establish VPN connections until reboot | S | |
| CVE-2019-0016 | Junos Space: Authenticated user able to delete devices without delete device privileges | M | |
| CVE-2019-0017 | Junos Space: Unrestricted file upload vulnerability | M | |
| CVE-2019-0018 | Juniper ATP: Persistent Cross-Site Scripting (XSS) vulnerability in file upload menu | S | |
| CVE-2019-0019 | BGP packets can trigger rpd crash when BGP tracing is enabled. | S | |
| CVE-2019-0020 | Juniper ATP: Hard coded credentials used in Web Collector | S | |
| CVE-2019-0021 | Juniper ATP: secret CLI inputs are logged to /var/log/syslog in clear text | S | |
| CVE-2019-0022 | Juniper ATP: Two hard coded credentials sharing the same password give an attacker the ability to take control of any installation of the software. | S | |
| CVE-2019-0023 | Juniper ATP: Persistent Cross-Site Scripting vulnerability in the Golden VM menu | S | |
| CVE-2019-0024 | Juniper ATP: Persistent Cross-Site Scripting vulnerability in the Email Collectors menu | S | |
| CVE-2019-0025 | Juniper ATP: Persistent Cross-Site Scripting vulnerability in RADIUS configuration menu | S | |
| CVE-2019-0026 | Juniper ATP: Persistent Cross-Site Scripting vulnerability in Zone configuration | S | |
| CVE-2019-0027 | Juniper ATP: Persistent Cross-Site Scripting vulnerability in Snort Rules configuration | S | |
| CVE-2019-0028 | Junos OS: RPD process crashes due to specific BGP peer restarts condition. | S | |
| CVE-2019-0029 | Juniper ATP: Splunk credentials are in logged in clear text | S | |
| CVE-2019-0030 | Juniper ATP: Password hashing uses DES and a hardcoded salt | S | |
| CVE-2019-0031 | Junos OS: jdhcpd daemon memory consumption Denial of Service when receiving specific IPv6 DHCP packets. | S | |
| CVE-2019-0032 | Junos Space Service Now and Service Insight: Organization username and password stored in plaintext in log files. | S | |
| CVE-2019-0033 | SRX Series: A remote attacker may cause a high CPU Denial of Service to the device when proxy ARP is configured. | S | |
| CVE-2019-0034 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was withdrawn by its CNA. ... | R | |
| CVE-2019-0035 | Junos OS: 'set system ports console insecure' allows root password recovery on OAM volumes | S | |
| CVE-2019-0036 | Junos OS: Firewall filter terms named "internal-1" and "internal-2" being ignored | S | |
| CVE-2019-0037 | Junos OS: jdhcpd crash upon receipt of crafted DHCPv6 solicit message | S | |
| CVE-2019-0038 | SRX Series: Crafted packets destined to fxp0 management interface on SRX340/SRX345 devices can lead to DoS | S | |
| CVE-2019-0039 | Junos OS: Login credentials are vulnerable to brute force attacks through the REST API | S | |
| CVE-2019-0040 | Junos OS: Specially crafted packets sent to port 111 on any interface triggers responses from the management interface | S | |
| CVE-2019-0041 | Junos OS: EX4300-MP Series: IP transit traffic can reach the control plane via loopback interface. | S | |
| CVE-2019-0042 | Incorrect messages from Juniper Identity Management Service (JIMS) can trigger Denial of Service or firewall bypass conditions for SRX series devices | S | |
| CVE-2019-0043 | Junos OS: RPD process crashes upon receipt of a specific SNMP packet | S | |
| CVE-2019-0044 | Junos OS: SRX5000 series: Kernel crash (vmcore) upon receipt of a specific packet on fxp0 interface | S | |
| CVE-2019-0046 | Junos OS: EX4300 Series: Denial of Service upon receipt of large number of specific valid packets on management interface. | S | |
| CVE-2019-0047 | Junos OS: Persistent XSS vulnerability in J-Web | S | |
| CVE-2019-0048 | EX4300 Series: When a firewall filter is applied to a loopback interface, other firewall filters for multicast traffic may fail | S | |
| CVE-2019-0049 | Junos OS: RPD process crashes when BGP peer restarts | S | |
| CVE-2019-0050 | Junos OS: SRX1500: Denial of service due to crash of srxpfe process under heavy traffic conditions. | S | |
| CVE-2019-0051 | SRX5000 Series: Denial of Service vulnerability in SSL-Proxy feature. | S | |
| CVE-2019-0052 | SRX Series: srxpfe process crash while JSF/UTM module parses specific HTTP packets | S | |
| CVE-2019-0053 | Junos OS: Insufficient validation of environment variables in telnet client may lead to stack-based buffer overflow | E S | |
| CVE-2019-0054 | Junos OS: SRX Series: An attacker may be able to perform Man-in-the-Middle (MitM) attacks during app-id signature updates. | S | |
| CVE-2019-0055 | Junos OS: SRX Series: An attacker may cause flowd to crash by sending certain valid SIP traffic to a device with SIP ALG enabled. | S | |
| CVE-2019-0056 | Junos OS: MX Series: An MPC10 Denial of Service (DoS) due to OSPF states transitioning to Down, causes traffic to stop forwarding through the device. | S | |
| CVE-2019-0057 | NFX Series: An attacker may be able to take control of the JDM application and subsequently the entire system. | S | |
| CVE-2019-0058 | Junos OS: SRX Series: A weakness in the Veriexec subsystem may allow privilege escalation. | S | |
| CVE-2019-0059 | Junos OS: The routing protocol process (rpd) may crash and generate core files upon receipt of specific valid BGP states from a peered host. | S | |
| CVE-2019-0060 | Junos OS: SRX Series: flowd process crash due to processing of specific transit IP packets | S | |
| CVE-2019-0061 | Junos OS: Insecure management daemon (MGD) configuration may allow local privilege escalation | S | |
| CVE-2019-0062 | Junos OS: Session fixation vulnerability in J-Web | S | |
| CVE-2019-0063 | Junos OS: MX Series: jdhcpd crash when receiving a specific crafted DHCP response message | S | |
| CVE-2019-0064 | Junos OS: SRX5000 Series: flowd process crash due to receipt of specific TCP packet | S | |
| CVE-2019-0065 | Junos OS: MX Series: Denial of Service vulnerability in MS-PIC component on MS-MIC or MS-MPC | S | |
| CVE-2019-0066 | Junos OS: A malformed IPv4 packet received by Junos in an NG-mVPN scenario may cause the routing protocol daemon (rpd) process to core | S | |
| CVE-2019-0067 | Junos OS: Kernel crash (vmcore) upon receipt of a specific link-local IPv6 packet on devices configured with Multi-Chassis Link Aggregation Group (MC-LAG) | S | |
| CVE-2019-0068 | Junos OS: SRX Series: Denial of Service vulnerability in flowd due to multicast packets | S | |
| CVE-2019-0069 | Junos OS: vSRX, SRX1500, SRX4K, ACX5K, EX4600, QFX5100, QFX5110, QFX5200, QFX10K and NFX Series: console management port device authentication credentials are logged in clear text | S | |
| CVE-2019-0070 | Junos OS: NFX Series: An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions. | S | |
| CVE-2019-0071 | Junos OS: EX2300, EX3400 Series: Veriexec signature checking not enforced in specific versions of Junos OS | S | |
| CVE-2019-0072 | SBR Carrier: A vulnerability in the identity and access management certificate generation procedure allows a local attacker to gain access to confidential information. | S | |
| CVE-2019-0073 | Junos OS: PKI key pairs are exported with insecure file permissions | S | |
| CVE-2019-0074 | Junos OS: NFX150 Series, QFX10K Series, EX9200 Series, MX Series, PTX Series: Path traversal vulnerability in NFX150 and NG-RE leads to information disclosure. | S | |
| CVE-2019-0075 | Junos OS: SRX Series: Denial of Service vulnerability in srxpfe related to PIM | S | |
| CVE-2019-0086 | Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME b... | | |
| CVE-2019-0087 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0088 | Insufficient path checking in Intel(R) System Support Utility for Windows before 2.5.0.15 may allow ... | | |
| CVE-2019-0089 | Improper data sanitization vulnerability in subsystem in Intel(R) SPS before versions SPS_E5_04.00.0... | | |
| CVE-2019-0090 | Insufficient access control vulnerability in subsystem for Intel(R) CSME before versions 11.x, 12.0.... | | |
| CVE-2019-0091 | Code injection vulnerability in installer for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22... | | |
| CVE-2019-0092 | Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 1... | | |
| CVE-2019-0093 | Insufficient data sanitization vulnerability in HECI subsystem for Intel(R) CSME before versions 11.... | | |
| CVE-2019-0094 | Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 1... | | |
| CVE-2019-0095 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0096 | Out of bound write vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11... | | |
| CVE-2019-0097 | Insufficient input validation vulnerability in subsystem for Intel(R) AMT before version 12.0.35 may... | | |
| CVE-2019-0098 | Logic bug vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) TXE before 3... | | |
| CVE-2019-0099 | Insufficient access control vulnerability in subsystem in Intel(R) SPS before version SPS_E3_05.00.0... | | |
| CVE-2019-0100 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0101 | Authentication bypass in the Intel Unite(R) solution versions 3.2 through 3.3 may allow an unauthent... | S | |
| CVE-2019-0102 | Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before versio... | | |
| CVE-2019-0103 | Insufficient file protection in install routine for Intel(R) Data Center Manager SDK before version ... | | |
| CVE-2019-0104 | Insufficient file protection in uninstall routine for Intel(R) Data Center Manager SDK before versio... | | |
| CVE-2019-0105 | Insufficient file permissions checking in install routine for Intel(R) Data Center Manager SDK befor... | M | |
| CVE-2019-0106 | Insufficient run protection in install routine for Intel(R) Data Center Manager SDK before version 5... | | |
| CVE-2019-0107 | Insufficient user prompt in install routine for Intel(R) Data Center Manager SDK before version 5.0.... | | |
| CVE-2019-0108 | Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an aut... | | |
| CVE-2019-0109 | Improper folder permissions in Intel(R) Data Center Manager SDK before version 5.0.2 may allow an au... | | |
| CVE-2019-0110 | Insufficient key management for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an a... | | |
| CVE-2019-0111 | Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an aut... | | |
| CVE-2019-0112 | Improper flow control in crypto routines for Intel(R) Data Center Manager SDK before version 5.0.2 m... | | |
| CVE-2019-0113 | Insufficient bounds checking in Intel(R) Graphics Drivers before version 10.18.14.5067 (aka 15.36.x.... | | |
| CVE-2019-0114 | A race condition in Intel(R) Graphics Drivers before version 10.18.14.5067 (aka 15.36.x.5067) and 10... | | |
| CVE-2019-0115 | Insufficient input validation in KMD module for Intel(R) Graphics Driver before version 10.18.14.506... | | |
| CVE-2019-0116 | An out of bound read in KMD module for Intel(R) Graphics Driver before version 10.18.14.5067 (aka 15... | | |
| CVE-2019-0117 | Insufficient access control in protected memory subsystem for Intel(R) SGX for 6th, 7th, 8th, 9th Ge... | | |
| CVE-2019-0118 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0119 | Buffer overflow vulnerability in system firmware for Intel(R) Xeon(R) Processor D Family, Intel(R) X... | | |
| CVE-2019-0120 | Insufficient key protection vulnerability in silicon reference firmware for Intel(R) Pentium(R) Proc... | | |
| CVE-2019-0121 | Improper permissions in Intel(R) Matrix Storage Manager 8.9.0.1023 and before may allow an authentic... | | |
| CVE-2019-0122 | Double free in Intel(R) SGX SDK for Linux before version 2.2 and Intel(R) SGX SDK for Windows before... | | |
| CVE-2019-0123 | Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting SG... | | |
| CVE-2019-0124 | Insufficient memory protection in Intel(R) 6th Generation Core Processors and greater, supporting TX... | | |
| CVE-2019-0125 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0126 | Insufficient access control in silicon reference firmware for Intel(R) Xeon(R) Scalable Processor, I... | | |
| CVE-2019-0127 | Logic error in the installer for Intel(R) OpenVINO(TM) 2018 R3 and before for Linux may allow a priv... | | |
| CVE-2019-0128 | Improper permissions in the installer for Intel(R) Chipset Device Software (INF Update Utility) befo... | S | |
| CVE-2019-0129 | Improper permissions for Intel(R) USB 3.0 Creator Utility all versions may allow an authenticated us... | | |
| CVE-2019-0130 | Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before vers... | S | |
| CVE-2019-0131 | Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.... | | |
| CVE-2019-0132 | Data Corruption in Intel Unite(R) Client before version 3.3.176.13 may allow an unauthenticated user... | | |
| CVE-2019-0133 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0134 | Improper permissions in the Intel(R) Dynamic Platform and Thermal Framework v8.3.10208.5643 and befo... | | |
| CVE-2019-0135 | Improper permissions in the installer for Intel(R) Accelerated Storage Manager in Intel(R) RSTe befo... | | |
| CVE-2019-0136 | Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.1... | | |
| CVE-2019-0137 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0138 | Improper directory permissions in Intel(R) ACU Wizard version 12.0.0.129 and earlier may allow an au... | | |
| CVE-2019-0139 | Insufficient access control in firmware for Intel(R) Ethernet 700 Series Controllers before version ... | S | |
| CVE-2019-0140 | Buffer overflow in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allo... | S | |
| CVE-2019-0141 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2019-0142 | Insufficient access control in ilp60x64.sys driver for Intel(R) Ethernet 700 Series Controllers befo... | S | |
| CVE-2019-0143 | Unhandled exception in Kernel-mode drivers for Intel(R) Ethernet 700 Series Controllers versions bef... | S | |
| CVE-2019-0144 | Unhandled exception in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may ... | S | |
| CVE-2019-0145 | Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may ... | S | |
| CVE-2019-0146 | Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may... | S | |
| CVE-2019-0147 | Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions b... | S | |
| CVE-2019-0148 | Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may al... | S | |
| CVE-2019-0149 | Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions b... | S | |
| CVE-2019-0150 | Insufficient access control in firmware Intel(R) Ethernet 700 Series Controllers versions before 7.0... | S | |
| CVE-2019-0151 | Insufficient memory protection in Intel(R) TXT for certain Intel(R) Core Processors and Intel(R) Xeo... | | |
| CVE-2019-0152 | Insufficient memory protection in System Management Mode (SMM) and Intel(R) TXT for certain Intel(R)... | | |
| CVE-2019-0153 | Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 may allow an unauthenticated us... | | |
| CVE-2019-0154 | Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th G... | | |
| CVE-2019-0155 | Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th... | | |
| CVE-2019-0156 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0157 | Insufficient input validation in the Intel(R) SGX driver for Linux may allow an authenticated user t... | | |
| CVE-2019-0158 | Insufficient path checking in the installation package for Intel(R) Graphics Performance Analyzer fo... | S | |
| CVE-2019-0159 | Insufficient memory protection in the Linux Administrative Tools for Intel(R) Network Adapters befor... | S | |
| CVE-2019-0160 | Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable e... | | |
| CVE-2019-0161 | Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of ... | S | |
| CVE-2019-0162 | Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to ... | M | |
| CVE-2019-0163 | Insufficient input validation in system firmware for Intel(R) Broadwell U i5 vPro before version MYB... | S | |
| CVE-2019-0164 | Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0... | | |
| CVE-2019-0165 | Insufficient Input validation in the subsystem for Intel(R) CSME before versions 12.0.45,13.0.10 and... | | |
| CVE-2019-0166 | Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 1... | | |
| CVE-2019-0167 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0168 | Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45 an... | | |
| CVE-2019-0169 | Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; In... | | |
| CVE-2019-0170 | Buffer overflow in subsystem in Intel(R) DAL before version 12.0.35 may allow a privileged user to p... | | |
| CVE-2019-0171 | Improper directory permissions in the installer for Intel(R) Quartus(R) software may allow an authen... | S | |
| CVE-2019-0172 | A logic issue in Intel Unite(R) Client for Android prior to version 4.0 may allow a remote attacker ... | | |
| CVE-2019-0173 | Authentication bypass in the web console for Intel(R) Raid Web Console 2 all versions may allow an u... | S | |
| CVE-2019-0174 | Logic condition in specific microprocessors may allow an authenticated user to potentially enable pa... | | |
| CVE-2019-0175 | Insufficient password protection in the attestation database for Open CIT may allow an authenticated... | | |
| CVE-2019-0176 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0177 | Insufficient password protection in the attestation database for Open CIT may allow an authenticated... | | |
| CVE-2019-0178 | Insufficient password protection in the attestation database for Open CIT may allow an authenticated... | | |
| CVE-2019-0179 | Insufficient password protection in the attestation database for Open CIT may allow an authenticated... | | |
| CVE-2019-0180 | Insufficient password protection in the attestation database for Open CIT may allow an authenticated... | | |
| CVE-2019-0181 | Insufficient password protection in the attestation database for Open CIT may allow an authenticated... | | |
| CVE-2019-0182 | Insufficient password protection in the attestation database for Open CIT may allow an authenticated... | | |
| CVE-2019-0183 | Insufficient password protection in the attestation database for Open CIT may allow an authenticated... | | |
| CVE-2019-0184 | Insufficient access control in protected memory subsystem for Intel(R) TXT for 6th, 7th, 8th and 9th... | | |
| CVE-2019-0185 | Insufficient access control in protected memory subsystem for SMM for 6th, 7th, 8th and 9th Generati... | | |
| CVE-2019-0186 | The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cros... | E M | |
| CVE-2019-0187 | Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line optio... | | |
| CVE-2019-0188 | Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611)... | | |
| CVE-2019-0189 | The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is expose... | | |
| CVE-2019-0190 | A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefu... | | |
| CVE-2019-0191 | Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "res... | | |
| CVE-2019-0192 | In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JM... | M | |
| CVE-2019-0193 | In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases... | KEV S | |
| CVE-2019-0194 | Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, ... | E | |
| CVE-2019-0195 | Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the clas... | | |
| CVE-2019-0196 | A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the ht... | S | |
| CVE-2019-0197 | A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http... | S | |
| CVE-2019-0198 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
| CVE-2019-0199 | The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams w... | | |
| CVE-2019-0200 | A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive)... | | |
| CVE-2019-0201 | An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s g... | S | |
| CVE-2019-0202 | The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on host... | | |
| CVE-2019-0203 | In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve serv... | S | |
| CVE-2019-0204 | A specifically crafted Docker image running under the root user can overwrite the init helper binary... | | |
| CVE-2019-0205 | In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless... | S | |
| CVE-2019-0206 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0207 | Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher ->... | | |
| CVE-2019-0208 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0209 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0210 | In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProto... | S | |
| CVE-2019-0211 | In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executi... | KEV E S | |
| CVE-2019-0212 | In all previously released Apache HBase 2.x versions (2.0.0-2.0.4, 2.1.0-2.1.3), authorization was i... | | |
| CVE-2019-0213 | In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configur... | | |
| CVE-2019-0214 | In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary lo... | M | |
| CVE-2019-0215 | In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location clien... | M | |
| CVE-2019-0216 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute a... | | |
| CVE-2019-0217 | In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running... | S | |
| CVE-2019-0218 | A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaSc... | | |
| CVE-2019-0219 | A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the m... | S | |
| CVE-2019-0220 | A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a reques... | S | |
| CVE-2019-0221 | The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 ... | | |
| CVE-2019-0222 | In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory... | M | |
| CVE-2019-0223 | While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton ... | | |
| CVE-2019-0224 | In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another us... | | |
| CVE-2019-0225 | A specially crafted url could be used to access files under the ROOT directory of the application on... | | |
| CVE-2019-0226 | Apache Karaf Config service provides a install method (via service or MBean) that could be used to t... | | |
| CVE-2019-0227 | A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that wa... | E S | |
| CVE-2019-0228 | Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent att... | | |
| CVE-2019-0229 | A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate pr... | | |
| CVE-2019-0230 | Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag... | E S | |
| CVE-2019-0231 | Apache MINA SSLFilter security Issue | | |
| CVE-2019-0232 | When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.... | | |
| CVE-2019-0233 | An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when pe... | S | |
| CVE-2019-0234 | A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment ... | | |
| CVE-2019-0235 | Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks.... | E | |
| CVE-2019-0238 | SAP Commerce (previously known as SAP Hybris Commerce), before version 6.7, does not sufficiently en... | | |
| CVE-2019-0240 | SAP Business Objects Mobile for Android (before 6.3.5) application allows an attacker to provide mal... | | |
| CVE-2019-0241 | SAP Work and Inventory Manager (Agentry_SDK , before 7.0, 7.1) allows an attacker to prevent legitim... | | |
| CVE-2019-0243 | Under some circumstances, masterdata maintenance in SAP BW/4HANA (fixed in DW4CORE version 1.0 (SP08... | | |
| CVE-2019-0244 | SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01)... | | |
| CVE-2019-0245 | SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01)... | | |
| CVE-2019-0246 | SAP Cloud Connector, before version 2.11.3, does not perform any authentication checks for functiona... | | |
| CVE-2019-0247 | SAP Cloud Connector, before version 2.11.3, allows an attacker to inject code that can be executed b... | | |
| CVE-2019-0248 | Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52,... | | |
| CVE-2019-0249 | Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information... | | |
| CVE-2019-0251 | The Fiori Launchpad of SAP BusinessObjects, before versions 4.2 and 4.3, does not sufficiently encod... | | |
| CVE-2019-0254 | SAP Disclosure Management (before version 10.1 Stack 1301) does not sufficiently encode user-control... | | |
| CVE-2019-0255 | SAP NetWeaver AS ABAP Platform, Krnl64nuc 7.74, krnl64UC 7.73, 7.74, Kernel 7.73, 7.74, 7.75, fails ... | | |
| CVE-2019-0256 | Under certain conditions SAP Business One Mobile Android App, version 1.2.12, allows an attacker to ... | | |
| CVE-2019-0257 | Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, fro... | | |
| CVE-2019-0258 | SAP Disclosure Management, version 10.01, does not perform necessary authorization checks for an aut... | | |
| CVE-2019-0259 | SAP BusinessObjects, versions 4.2 and 4.3, (Visual Difference) allows an attacker to upload any file... | | |
| CVE-2019-0261 | Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) do... | | |
| CVE-2019-0262 | SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not sufficiently encode user-controlled i... | | |
| CVE-2019-0265 | SLD Registration of ABAP Platform allows an attacker to prevent legitimate users from accessing a se... | | |
| CVE-2019-0266 | Under certain conditions SAP HANA Extended Application Services, version 1.0, advanced model (XS adv... | | |
| CVE-2019-0267 | SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) ... | | |
| CVE-2019-0268 | SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does ... | | |
| CVE-2019-0269 | SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.10 and 4.20, does not ... | | |
| CVE-2019-0270 | ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an... | | |
| CVE-2019-0271 | ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XM... | | |
| CVE-2019-0274 | SAP Mobile Platform SDK allows an attacker to prevent legitimate users from accessing a service, eit... | | |
| CVE-2019-0275 | SAML 1.1 SSO Demo Application in SAP NetWeaver Java Application Server (J2EE-APPS), versions 7.10 to... | | |
| CVE-2019-0276 | Banking services from SAP 9.0 (FSAPPL version 5) and SAP S/4HANA Financial Products Subledger (S4FPS... | | |
| CVE-2019-0277 | SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML do... | | |
| CVE-2019-0278 | Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging ... | | |
| CVE-2019-0279 | ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPI... | | |
| CVE-2019-0280 | SAP Treasury and Risk Management (EA-FINSERV 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18 and 8.0; ... | | |
| CVE-2019-0281 | SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, does not sufficien... | | |
| CVE-2019-0282 | Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 t... | | |
| CVE-2019-0283 | SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40... | | |
| CVE-2019-0284 | SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML docu... | | |
| CVE-2019-0285 | The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) disclos... | | |
| CVE-2019-0287 | Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Serv... | | |
| CVE-2019-0289 | Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), ver... | | |
| CVE-2019-0291 | Under certain conditions Solution Manager, version 7.2, allows an attacker to access information whi... | | |
| CVE-2019-0293 | Read of RFC destination does not always perform necessary authorization checks, resulting in escalat... | | |
| CVE-2019-0298 | SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled input... | | |
| CVE-2019-0301 | Under certain conditions, it is possible to request the modification of role or privilege assignment... | | |
| CVE-2019-0303 | SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3, modu... | | |
| CVE-2019-0304 | FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KR... | | |
| CVE-2019-0305 | Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL... | | |
| CVE-2019-0306 | SAP HANA Extended Application Services (advanced model), version 1, allows authenticated low privile... | | |
| CVE-2019-0307 | Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user conn... | | |
| CVE-2019-0308 | An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, ... | | |
| CVE-2019-0311 | Automotive Dealer Portal in SAP R/3 Enterprise Application (versions: 600, 602, 603, 604, 605, 606, ... | | |
| CVE-2019-0312 | Several web pages provided SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.2... | | |
| CVE-2019-0314 | SAP Work Manager, versions: 6.3, 6.4, 6.5 and SAP Inventory Manager, version 4.3, allows an attacker... | | |
| CVE-2019-0315 | Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration (ver... | | |
| CVE-2019-0316 | SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, ... | | |
| CVE-2019-0318 | Under certain conditions SAP NetWeaver Application Server for Java (Startup Framework), versions 7.2... | | |
| CVE-2019-0319 | The SAP Gateway, versions 7.5, 7.51, 7.52 and 7.53, allows an attacker to inject content which is di... | E | |
| CVE-2019-0321 | ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, do not sufficiently encode user... | | |
| CVE-2019-0322 | SAP Commerce Cloud (previously known as SAP Hybris Commerce), (HY_COM, versions 6.3, 6.4, 6.5, 6.6, ... | | |
| CVE-2019-0325 | SAP ERP HCM (SAP_HRCES) , version 3, does not perform necessary authorization checks for a report th... | | |
| CVE-2019-0326 | SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Enterprise), versions 4.1, 4.2, 4... | | |
| CVE-2019-0327 | SAP NetWeaver for Java Application Server - Web Container, (engineapi, versions 7.1, 7.2, 7.3, 7.31,... | | |
| CVE-2019-0328 | ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Inte... | | |
| CVE-2019-0329 | SAP Information Steward, version 4.2, does not sufficiently encode user-controlled inputs, resulting... | | |
| CVE-2019-0330 | The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent... | | |
| CVE-2019-0331 | Under certain conditions, SAP BusinessObjects Business Intelligence Platform (BI Workspace), version... | | |
| CVE-2019-0332 | SAP BusinessObjects Business Intelligence Platform (Info View), versions 4.1, 4.2, 4.3, allows an at... | | |
| CVE-2019-0333 | In some situations, when a client cancels a query in SAP BusinessObjects Business Intelligence Platf... | | |
| CVE-2019-0334 | When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), version... | | |
| CVE-2019-0335 | Under certain conditions SAP BusinessObjects Business Intelligence Platform (Central Management Cons... | | |
| CVE-2019-0337 | Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50... | | |
| CVE-2019-0338 | During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, 753, the HTTP Header attribute... | | |
| CVE-2019-0340 | The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened co... | | |
| CVE-2019-0341 | The session cookie used by SAP Enable Now, version 1902, does not have the HttpOnly flag set. If an ... | | |
| CVE-2019-0343 | SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6, 6.7, 1808, 1811, 1905, allow... | | |
| CVE-2019-0344 | Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc extension), versions 6.4, 6.5,... | KEV | |
| CVE-2019-0345 | A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Ja... | | |
| CVE-2019-0346 | Unencrypted communication error in SAP Business Objects Business Intelligence Platform (Central Mana... | | |
| CVE-2019-0348 | SAP BusinessObjects Business Intelligence Platform (Web Intelligence), versions 4.1, 4.2, can access... | | |
| CVE-2019-0349 | SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT,... | | |
| CVE-2019-0350 | SAP HANA Database, versions 1.0, 2.0, allows an unauthorized attacker to send a malformed connection... | | |
| CVE-2019-0351 | A remote code execution vulnerability exists in the SAP NetWeaver UDDI Server (Services Registry), v... | | |
| CVE-2019-0352 | In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynam... | | |
| CVE-2019-0353 | Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO), before versions 9.2 and 9.3... | | |
| CVE-2019-0355 | SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before versions 7.10, 7.20, 7.30, 7.... | | |
| CVE-2019-0356 | Under certain conditions SAP NetWeaver Process Integration Runtime Workbench – MESSAGING and SAP_XIA... | | |
| CVE-2019-0357 | The administrator of SAP HANA database, before versions 1.0 and 2.0, can misuse HANA to execute comm... | | |
| CVE-2019-0361 | SAP Supplier Relationship Management (Master Data Management Catalog - SRM_MDM_CAT, before versions ... | | |
| CVE-2019-0363 | Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model... | | |
| CVE-2019-0364 | Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model... | | |
| CVE-2019-0365 | SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KR... | | |
| CVE-2019-0367 | SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform neces... | | |
| CVE-2019-0368 | SAP Customer Relationship Management (Email Management), versions: S4CRM before 1.0 and 2.0, BBPCRM ... | | |
| CVE-2019-0369 | SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-contro... | | |
| CVE-2019-0370 | Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables... | | |
| CVE-2019-0374 | SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version... | | |
| CVE-2019-0375 | SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version... | | |
| CVE-2019-0376 | SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version... | | |
| CVE-2019-0377 | SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version... | | |
| CVE-2019-0378 | SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version... | | |
| CVE-2019-0379 | SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentica... | | |
| CVE-2019-0380 | Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows cu... | | |
| CVE-2019-0381 | A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dyn... | | |
| CVE-2019-0382 | A Cross-Site Scripting vulnerability exists in SAP BusinessObjects Business Intelligence Platform (W... | | |
| CVE-2019-0383 | Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02,... | | |
| CVE-2019-0384 | Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02,... | | |
| CVE-2019-0385 | SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting ... | | |
| CVE-2019-0386 | Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.... | | |
| CVE-2019-0388 | SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 versio... | | |
| CVE-2019-0389 | An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7... | | |
| CVE-2019-0390 | Under certain conditions SAP Data Hub (corrected in DH_Foundation version 2) allows an attacker to a... | | |
| CVE-2019-0391 | Under certain conditions SAP NetWeaver AS Java (corrected in 7.10, 7.20, 7.30, 7.31, 7.40, 7.50) all... | | |
| CVE-2019-0393 | An SQL Injection vulnerability in SAP Quality Management (corrected in S4CORE versions 1.0, 1.01, 1.... | | |
| CVE-2019-0395 | SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad), before version 4.2, allows ... | | |
| CVE-2019-0396 | SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), corrected in v... | | |
| CVE-2019-0398 | Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring ... | | |
| CVE-2019-0399 | SAP Portfolio and Project Management, before versions S4CORE 102, 103, EPPM 100 and CPRXRPM 500_702,... | | |
| CVE-2019-0402 | SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under certain conditions exposes some... | S | |
| CVE-2019-0403 | SAP Enable Now, before version 1911, allows an attacker to input commands into the CSV files, which ... | | |
| CVE-2019-0404 | SAP Enable Now, before version 1911, leaks information about network configuration in the server err... | | |
| CVE-2019-0405 | SAP Enable Now, before version 1911, leaks information about the existence of a particular user whic... | | |
| CVE-2019-0536 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in... | S | |
| CVE-2019-0537 | An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary fil... | S | |
| CVE-2019-0538 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0539 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj... | E S | |
| CVE-2019-0540 | A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attac... | S | |
| CVE-2019-0541 | A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates ... | KEV E S | |
| CVE-2019-0542 | A remote code execution vulnerability exists in Xterm.js when the component mishandles special chara... | | |
| CVE-2019-0543 | An elevation of privilege vulnerability exists when Windows improperly handles authentication reques... | KEV E S | |
| CVE-2019-0544 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0545 | An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassin... | S | |
| CVE-2019-0546 | A remote code execution vulnerability exists in Visual Studio when the C++ compiler improperly handl... | | |
| CVE-2019-0547 | A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially... | S | |
| CVE-2019-0548 | A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP... | S | |
| CVE-2019-0549 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in... | S | |
| CVE-2019-0550 | A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly... | S | |
| CVE-2019-0551 | A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly... | S | |
| CVE-2019-0552 | An elevation of privilege exists in Windows COM Desktop Broker, aka "Windows COM Elevation of Privil... | E S | |
| CVE-2019-0553 | An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles o... | S | |
| CVE-2019-0554 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in... | S | |
| CVE-2019-0555 | An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow a... | E S | |
| CVE-2019-0556 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly... | S | |
| CVE-2019-0557 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly... | S | |
| CVE-2019-0558 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly... | S | |
| CVE-2019-0559 | An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain typ... | S | |
| CVE-2019-0560 | An information disclosure vulnerability exists when Microsoft Office improperly discloses the conten... | S | |
| CVE-2019-0561 | An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly... | S | |
| CVE-2019-0562 | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sa... | S | |
| CVE-2019-0563 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0564 | A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP... | S | |
| CVE-2019-0565 | A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memo... | S | |
| CVE-2019-0566 | An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object, aka "Mic... | E S | |
| CVE-2019-0567 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj... | E S | |
| CVE-2019-0568 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj... | E S | |
| CVE-2019-0569 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in... | S | |
| CVE-2019-0570 | An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects i... | E S | |
| CVE-2019-0571 | An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly hand... | E S | |
| CVE-2019-0572 | An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly hand... | E S | |
| CVE-2019-0573 | An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly hand... | E S | |
| CVE-2019-0574 | An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly hand... | E S | |
| CVE-2019-0575 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0576 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0577 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0578 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0579 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0580 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0581 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0582 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0583 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0584 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0585 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly ha... | S | |
| CVE-2019-0586 | A remote code execution vulnerability exists in Microsoft Exchange software when the software fails ... | S | |
| CVE-2019-0587 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0588 | An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants cal... | S | |
| CVE-2019-0589 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0590 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | S | |
| CVE-2019-0591 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | S | |
| CVE-2019-0592 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj... | S | |
| CVE-2019-0593 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | S | |
| CVE-2019-0594 | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to chec... | S | |
| CVE-2019-0595 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0596 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0597 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0598 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0599 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0600 | An information disclosure vulnerability exists when the Human Interface Devices (HID) component impr... | S | |
| CVE-2019-0601 | An information disclosure vulnerability exists when the Human Interface Devices (HID) component impr... | S | |
| CVE-2019-0602 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses t... | S | |
| CVE-2019-0603 | A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server... | S | |
| CVE-2019-0604 | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to chec... | KEV S | |
| CVE-2019-0605 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | S | |
| CVE-2019-0606 | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in m... | S | |
| CVE-2019-0607 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | S | |
| CVE-2019-0608 | A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka 'M... | S | |
| CVE-2019-0609 | A remote code execution vulnerability exists in the way the scripting engine handles objects in memo... | S | |
| CVE-2019-0610 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | S | |
| CVE-2019-0611 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj... | S | |
| CVE-2019-0612 | A security feature bypass vulnerability exists when Click2Play protection in Microsoft Edge improper... | S | |
| CVE-2019-0613 | A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the s... | S | |
| CVE-2019-0614 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses t... | S | |
| CVE-2019-0615 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses t... | S | |
| CVE-2019-0616 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses t... | S | |
| CVE-2019-0617 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0618 | A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (... | S | |
| CVE-2019-0619 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses t... | S | |
| CVE-2019-0620 | Windows Hyper-V Remote Code Execution Vulnerability | S | |
| CVE-2019-0621 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in... | S | |
| CVE-2019-0622 | An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle speci... | | |
| CVE-2019-0623 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properl... | S | |
| CVE-2019-0624 | A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a s... | S | |
| CVE-2019-0625 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0626 | A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends s... | S | |
| CVE-2019-0627 | A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass De... | S | |
| CVE-2019-0628 | An information disclosure vulnerability exists when the win32k component improperly provides kernel ... | S | |
| CVE-2019-0629 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0630 | A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 ... | S | |
| CVE-2019-0631 | A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass De... | S | |
| CVE-2019-0632 | A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass De... | S | |
| CVE-2019-0633 | A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 ... | S | |
| CVE-2019-0634 | A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memo... | S | |
| CVE-2019-0635 | An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails... | S | |
| CVE-2019-0636 | An information vulnerability exists when Windows improperly discloses file information, aka 'Windows... | S | |
| CVE-2019-0637 | A security feature bypass vulnerability exists when Windows Defender Firewall incorrectly applies fi... | S | |
| CVE-2019-0638 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0639 | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles... | S | |
| CVE-2019-0640 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | S | |
| CVE-2019-0641 | A security feature bypass vulnerability exists in Microsoft Edge handles whitelisting, aka 'Microsof... | S | |
| CVE-2019-0642 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | S | |
| CVE-2019-0643 | An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin r... | S | |
| CVE-2019-0644 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | S | |
| CVE-2019-0645 | A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memo... | S | |
| CVE-2019-0646 | A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sani... | S | |
| CVE-2019-0647 | An information disclosure vulnerability exists when Team Foundation Server does not properly handle ... | S | |
| CVE-2019-0648 | An information disclosure vulnerability exists when Chakra improperly discloses the contents of its ... | S | |
| CVE-2019-0649 | A vulnerability exists in Microsoft Chakra JIT server, aka 'Scripting Engine Elevation of Privileged... | S | |
| CVE-2019-0650 | A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memo... | S | |
| CVE-2019-0651 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | S | |
| CVE-2019-0652 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | S | |
| CVE-2019-0653 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0654 | A spoofing vulnerability exists when Microsoft browsers improperly handles specific redirects, aka '... | S | |
| CVE-2019-0655 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | S | |
| CVE-2019-0656 | An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle obje... | S | |
| CVE-2019-0657 | A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's... | S | |
| CVE-2019-0658 | An information disclosure vulnerability exists when the scripting engine does not properly handle ob... | S | |
| CVE-2019-0659 | An elevation of privilege vulnerability exists when the Storage Service improperly handles file oper... | S | |
| CVE-2019-0660 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses t... | S | |
| CVE-2019-0661 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in... | S | |
| CVE-2019-0662 | A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (... | S | |
| CVE-2019-0663 | An information disclosure vulnerability exists when the Windows kernel improperly initializes object... | S | |
| CVE-2019-0664 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses t... | S | |
| CVE-2019-0665 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in ... | S | |
| CVE-2019-0666 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in ... | S | |
| CVE-2019-0667 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in ... | S | |
| CVE-2019-0668 | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sa... | S | |
| CVE-2019-0669 | An information disclosure vulnerability exists when Microsoft Excel improperly discloses the content... | S | |
| CVE-2019-0670 | A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse... | S | |
| CVE-2019-0671 | A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine im... | S | |
| CVE-2019-0672 | A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine im... | S | |
| CVE-2019-0673 | A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine im... | S | |
| CVE-2019-0674 | A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine im... | S | |
| CVE-2019-0675 | A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine im... | S | |
| CVE-2019-0676 | An information disclosure vulnerability exists when Internet Explorer improperly handles objects in ... | KEV S | |
| CVE-2019-0677 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0678 | An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-d... | S | |
| CVE-2019-0679 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0680 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | S | |
| CVE-2019-0681 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0682 | An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for L... | S | |
| CVE-2019-0683 | An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default se... | S | |
| CVE-2019-0684 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0685 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properl... | S | |
| CVE-2019-0686 | An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange... | S | |
| CVE-2019-0687 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0688 | An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles frag... | S | |
| CVE-2019-0689 | An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for L... | S | |
| CVE-2019-0690 | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fail... | S | |
| CVE-2019-0691 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0692 | An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for L... | S | |
| CVE-2019-0693 | An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for L... | S | |
| CVE-2019-0694 | An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for L... | S | |
| CVE-2019-0695 | A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly v... | S | |
| CVE-2019-0696 | An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle obje... | S | |
| CVE-2019-0697 | A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially... | S | |
| CVE-2019-0698 | A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially... | S | |
| CVE-2019-0699 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0700 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0701 | A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly v... | S | |
| CVE-2019-0702 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in... | S | |
| CVE-2019-0703 | An information disclosure vulnerability exists in the way that the Windows SMB Server handles certai... | KEV S | |
| CVE-2019-0704 | An information disclosure vulnerability exists in the way that the Windows SMB Server handles certai... | S | |
| CVE-2019-0705 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0706 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0707 | An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) ... | S | |
| CVE-2019-0708 | A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal S... | KEV E S | |
| CVE-2019-0709 | Windows Hyper-V Remote Code Execution Vulnerability | S | |
| CVE-2019-0710 | Windows Hyper-V Denial of Service Vulnerability | S | |
| CVE-2019-0711 | Windows Hyper-V Denial of Service Vulnerability | S | |
| CVE-2019-0712 | A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fail... | S | |
| CVE-2019-0713 | Windows Hyper-V Denial of Service Vulnerability | S | |
| CVE-2019-0714 | Windows Hyper-V Denial of Service Vulnerability | S | |
| CVE-2019-0715 | Windows Hyper-V Denial of Service Vulnerability | S | |
| CVE-2019-0716 | Windows Denial of Service Vulnerability | S | |
| CVE-2019-0717 | Windows Hyper-V Denial of Service Vulnerability | S | |
| CVE-2019-0718 | Windows Hyper-V Denial of Service Vulnerability | S | |
| CVE-2019-0719 | A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fa... | S | |
| CVE-2019-0720 | Hyper-V Remote Code Execution Vulnerability | S | |
| CVE-2019-0721 | A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fa... | S | |
| CVE-2019-0722 | Windows Hyper-V Remote Code Execution Vulnerability | S | |
| CVE-2019-0723 | Windows Hyper-V Denial of Service Vulnerability | S | |
| CVE-2019-0724 | An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange... | S | |
| CVE-2019-0725 | A memory corruption vulnerability exists in the Windows Server DHCP service when processing speciall... | S | |
| CVE-2019-0726 | A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially... | S | |
| CVE-2019-0727 | An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Vi... | S | |
| CVE-2019-0728 | A remote code execution vulnerability exists in Visual Studio Code when it process environment varia... | S | |
| CVE-2019-0729 | An Elevation of Privilege vulnerability exists in the way Azure IoT Java SDK generates symmetric key... | S | |
| CVE-2019-0730 | An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV dr... | E S | |
| CVE-2019-0731 | An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV dr... | E S | |
| CVE-2019-0732 | A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass De... | E S | |
| CVE-2019-0733 | A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which ... | S | |
| CVE-2019-0734 | An elevation of privilege vulnerability exists in Microsoft Windows when a man-in-the-middle attacke... | S | |
| CVE-2019-0735 | An elevation of privilege vulnerability exists when the Windows Client Server Run-Time Subsystem (CS... | E S | |
| CVE-2019-0736 | Windows DHCP Client Remote Code Execution Vulnerability | S | |
| CVE-2019-0737 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0738 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0739 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | S | |
| CVE-2019-0740 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0741 | An information disclosure vulnerability exists in the way Azure IoT Java SDK logs sensitive informat... | S | |
| CVE-2019-0742 | A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sani... | S | |
| CVE-2019-0743 | A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sani... | S | |
| CVE-2019-0744 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0745 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0746 | An information disclosure vulnerability exists when the scripting engine does not properly handle ob... | S | |
| CVE-2019-0747 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0748 | A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine im... | S | |
| CVE-2019-0749 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0750 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0751 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0752 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | KEV E S | |
| CVE-2019-0753 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | S | |
| CVE-2019-0754 | A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Win... | S | |
| CVE-2019-0755 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in... | S | |
| CVE-2019-0756 | A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser proce... | S | |
| CVE-2019-0757 | A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an ... | S | |
| CVE-2019-0758 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses t... | S | |
| CVE-2019-0759 | An information disclosure vulnerability exists when the Windows Print Spooler does not properly hand... | S | |
| CVE-2019-0760 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0761 | A security feature bypass vulnerability exists when Internet Explorer fails to validate the correct ... | S | |
| CVE-2019-0762 | A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of... | S | |
| CVE-2019-0763 | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in m... | S | |
| CVE-2019-0764 | A tampering vulnerability exists when Microsoft browsers do not properly validate input under specif... | S | |
| CVE-2019-0765 | A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory,... | S | |
| CVE-2019-0766 | An elevation of privilege vulnerability exists in Windows AppX Deployment Server that allows file cr... | S | |
| CVE-2019-0767 | An information disclosure vulnerability exists when the Windows kernel improperly initializes object... | S | |
| CVE-2019-0768 | A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does... | S | |
| CVE-2019-0769 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | S | |
| CVE-2019-0770 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | S | |
| CVE-2019-0771 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | S | |
| CVE-2019-0772 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in ... | S | |
| CVE-2019-0773 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | S | |
| CVE-2019-0774 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses t... | S | |
| CVE-2019-0775 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in... | S | |
| CVE-2019-0776 | An information disclosure vulnerability exists when the win32k component improperly provides kernel ... | S | |
| CVE-2019-0777 | A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sani... | S | |
| CVE-2019-0778 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly... | S | |
| CVE-2019-0779 | A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memo... | S | |
| CVE-2019-0780 | A remote code execution vulnerability exists in the way that Microsoft browsers access objects in me... | S | |
| CVE-2019-0781 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0782 | An information disclosure vulnerability exists when the Windows kernel fails to properly initialize ... | S | |
| CVE-2019-0783 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | S | |
| CVE-2019-0784 | A remote code execution vulnerability exists in the way that the ActiveX Data objects (ADO) handles ... | S | |
| CVE-2019-0785 | A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends s... | S | |
| CVE-2019-0786 | An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server wh... | S | |
| CVE-2019-0787 | A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connec... | S | |
| CVE-2019-0788 | A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connec... | S | |
| CVE-2019-0789 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0790 | A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser proce... | S | |
| CVE-2019-0791 | A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser proce... | S | |
| CVE-2019-0792 | A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser proce... | S | |
| CVE-2019-0793 | A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser proce... | S | |
| CVE-2019-0794 | A remote code execution vulnerability exists when OLE automation improperly handles objects in memor... | S | |
| CVE-2019-0795 | A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser proce... | S | |
| CVE-2019-0796 | An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV dr... | E S | |
| CVE-2019-0797 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properl... | KEV S | |
| CVE-2019-0798 | A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sa... | S | |
| CVE-2019-0799 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0800 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0801 | A remote code execution vulnerability exists when Microsoft Office fails to properly handle certain ... | S | |
| CVE-2019-0802 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses t... | S | |
| CVE-2019-0803 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properl... | KEV S | |
| CVE-2019-0804 | An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on r... | S | |
| CVE-2019-0805 | An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV dr... | E S | |
| CVE-2019-0806 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj... | S | |
| CVE-2019-0807 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0808 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properl... | KEV E S | |
| CVE-2019-0809 | A remote code execution vulnerability exists when the Visual Studio C++ Redistributable Installer im... | S | |
| CVE-2019-0810 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj... | S | |
| CVE-2019-0811 | A denial of service vulnerability exists in Windows DNS Server when it fails to properly handle DNS ... | S | |
| CVE-2019-0812 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj... | S | |
| CVE-2019-0813 | An elevation of privilege vulnerability exists when Windows Admin Center improperly impersonates ope... | S | |
| CVE-2019-0814 | An information disclosure vulnerability exists when the win32k component improperly provides kernel ... | S | |
| CVE-2019-0815 | A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP... | S | |
| CVE-2019-0816 | A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic fo... | | |
| CVE-2019-0817 | A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to ... | S | |
| CVE-2019-0818 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0819 | An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it imp... | S | |
| CVE-2019-0820 | A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx ... | S | |
| CVE-2019-0821 | An information disclosure vulnerability exists in the way that the Windows SMB Server handles certai... | S | |
| CVE-2019-0822 | A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle ob... | S | |
| CVE-2019-0823 | A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine im... | S | |
| CVE-2019-0824 | A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine im... | S | |
| CVE-2019-0825 | A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine im... | S | |
| CVE-2019-0826 | A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine im... | S | |
| CVE-2019-0827 | A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine im... | S | |
| CVE-2019-0828 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to ... | S | |
| CVE-2019-0829 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj... | S | |
| CVE-2019-0830 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly... | S | |
| CVE-2019-0831 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly... | S | |
| CVE-2019-0832 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0833 | An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in mem... | S | |
| CVE-2019-0834 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0835 | An information disclosure vulnerability exists when the scripting engine does not properly handle ob... | S | |
| CVE-2019-0836 | An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV dr... | E S | |
| CVE-2019-0837 | An information disclosure vulnerability exists when DirectX improperly handles objects in memory, ak... | S | |
| CVE-2019-0838 | An information disclosure vulnerability exists when Windows Task Scheduler improperly discloses cred... | S | |
| CVE-2019-0839 | An information disclosure vulnerability exists when the Terminal Services component improperly discl... | S | |
| CVE-2019-0840 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in... | S | |
| CVE-2019-0841 | An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improp... | KEV E S | |
| CVE-2019-0842 | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in ... | S | |
| CVE-2019-0843 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0844 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in... | S | |
| CVE-2019-0845 | A remote code execution vulnerability exists when the IOleCvt interface renders ASP webpage content,... | S | |
| CVE-2019-0846 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0847 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0848 | An information disclosure vulnerability exists when the win32k component improperly provides kernel ... | S | |
| CVE-2019-0849 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses t... | S | |
| CVE-2019-0850 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0851 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0852 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0853 | A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (... | S | |
| CVE-2019-0854 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0855 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0856 | A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka ... | S | |
| CVE-2019-0857 | A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps Serv... | S | |
| CVE-2019-0858 | A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to ... | S | |
| CVE-2019-0859 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properl... | KEV S | |
| CVE-2019-0860 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj... | S | |
| CVE-2019-0861 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj... | S | |
| CVE-2019-0862 | A remote code execution vulnerability exists in the way that the scripting engine handles objects in... | S | |
| CVE-2019-0863 | An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles file... | KEV S | |
| CVE-2019-0864 | A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memo... | S | |
| CVE-2019-0865 | A denial of service vulnerability exists when SymCrypt improperly handles a specially crafted digita... | S | |
| CVE-2019-0866 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Serve... | S | |
| CVE-2019-0867 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Serve... | S | |
| CVE-2019-0868 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Serve... | S | |
| CVE-2019-0869 | A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle we... | S | |
| CVE-2019-0870 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Serve... | S | |
| CVE-2019-0871 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Serve... | S | |
| CVE-2019-0872 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Serve... | S | |
| CVE-2019-0873 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0874 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitiz... | S | |
| CVE-2019-0875 | An elevation of privilege vulnerability exists when Azure DevOps Server 2019 does not properly enfor... | S | |
| CVE-2019-0876 | An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly ha... | S | |
| CVE-2019-0877 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0878 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0879 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0880 | A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka '... | KEV S | |
| CVE-2019-0881 | An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumer... | S | |
| CVE-2019-0882 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses t... | S | |
| CVE-2019-0883 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0884 | A remote code execution vulnerability exists in the way the scripting engine handles objects in memo... | S | |
| CVE-2019-0885 | A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate u... | S | |
| CVE-2019-0886 | An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails... | S | |
| CVE-2019-0887 | A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal... | S | |
| CVE-2019-0888 | ActiveX Data Objects (ADO) Remote Code Execution Vulnerability | S | |
| CVE-2019-0889 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0890 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0891 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0892 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properl... | S | |
| CVE-2019-0893 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0894 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0895 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0896 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0897 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0898 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0899 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0900 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0901 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0902 | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles... | S | |
| CVE-2019-0903 | A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (... | KEV S | |
| CVE-2019-0904 | Jet Database Engine Remote Code Execution Vulnerability | S | |
| CVE-2019-0905 | Jet Database Engine Remote Code Execution Vulnerability | S | |
| CVE-2019-0906 | Jet Database Engine Remote Code Execution Vulnerability | S | |
| CVE-2019-0907 | Jet Database Engine Remote Code Execution Vulnerability | S | |
| CVE-2019-0908 | Jet Database Engine Remote Code Execution Vulnerability | S | |
| CVE-2019-0909 | Jet Database Engine Remote Code Execution Vulnerability | S | |
| CVE-2019-0910 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0911 | A remote code execution vulnerability exists in the way the scripting engine handles objects in memo... | S | |
| CVE-2019-0912 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj... | S | |
| CVE-2019-0913 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj... | S | |
| CVE-2019-0914 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj... | S | |
| CVE-2019-0915 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj... | S | |
| CVE-2019-0916 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj... | S | |
| CVE-2019-0917 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj... | S | |
| CVE-2019-0918 | A remote code execution vulnerability exists in the way the scripting engine handles objects in memo... | S | |
| CVE-2019-0919 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0920 | Scripting Engine Memory Corruption Vulnerability | S | |
| CVE-2019-0921 | An spoofing vulnerability exists when Internet Explorer improperly handles URLs, aka 'Internet Explo... | S | |
| CVE-2019-0922 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj... | S | |
| CVE-2019-0923 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj... | S | |
| CVE-2019-0924 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj... | S | |
| CVE-2019-0925 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj... | S | |
| CVE-2019-0926 | A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memo... | S | |
| CVE-2019-0927 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj... | S | |
| CVE-2019-0928 | A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly v... | S | |
| CVE-2019-0929 | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in m... | S | |
| CVE-2019-0930 | An information disclosure vulnerability exists when Internet Explorer improperly handles objects in ... | S | |
| CVE-2019-0931 | An elevation of privilege vulnerability exists when the Storage Service improperly handles file oper... | S | |
| CVE-2019-0932 | An information disclosure vulnerability exists in Skype for Android, aka 'Skype for Android Informat... | S | |
| CVE-2019-0933 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj... | S | |
| CVE-2019-0934 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0935 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0936 | An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly h... | S | |
| CVE-2019-0937 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj... | S | |
| CVE-2019-0938 | An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to esc... | S | |
| CVE-2019-0939 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0940 | A remote code execution vulnerability exists in the way that Microsoft browsers access objects in me... | S | |
| CVE-2019-0941 | Microsoft IIS Server Denial of Service Vulnerability | S | |
| CVE-2019-0942 | An elevation of privilege vulnerability exists in the Unified Write Filter (UWF) feature for Windows... | S | |
| CVE-2019-0943 | Windows ALPC Elevation of Privilege Vulnerability | S | |
| CVE-2019-0944 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0945 | A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine im... | S | |
| CVE-2019-0946 | A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine im... | S | |
| CVE-2019-0947 | A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine im... | S | |
| CVE-2019-0948 | Windows Event Viewer Information Disclosure Vulnerability | S | |
| CVE-2019-0949 | A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specia... | S | |
| CVE-2019-0950 | A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specia... | S | |
| CVE-2019-0951 | A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specia... | S | |
| CVE-2019-0952 | A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properl... | S | |
| CVE-2019-0953 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly ha... | S | |
| CVE-2019-0954 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0955 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0956 | An information disclosure vulnerability exists when Microsoft SharePoint Server does not properly sa... | S | |
| CVE-2019-0957 | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sa... | S | |
| CVE-2019-0958 | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sa... | S | |
| CVE-2019-0959 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | S | |
| CVE-2019-0960 | Win32k Elevation of Privilege Vulnerability | S | |
| CVE-2019-0961 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses t... | S | |
| CVE-2019-0962 | An elevation of privilege vulnerability exists in Azure Automation "RunAs account" runbooks for user... | S | |
| CVE-2019-0963 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly... | S | |
| CVE-2019-0964 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0965 | Windows Hyper-V Remote Code Execution Vulnerability | S | |
| CVE-2019-0966 | A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly v... | S | |
| CVE-2019-0967 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0968 | Windows GDI Information Disclosure Vulnerability | S | |
| CVE-2019-0969 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0970 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0971 | An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundatio... | S | |
| CVE-2019-0972 | Local Security Authority Subsystem Service Denial of Service Vulnerability | S | |
| CVE-2019-0973 | Windows Installer Elevation of Privilege Vulnerability | S | |
| CVE-2019-0974 | Jet Database Engine Remote Code Execution Vulnerability | S | |
| CVE-2019-0975 | A security feature bypass vulnerability exists when Active Directory Federation Services (ADFS) impr... | S | |
| CVE-2019-0976 | A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an ... | S | |
| CVE-2019-0977 | Windows GDI Information Disclosure Vulnerability | S | |
| CVE-2019-0978 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0979 | A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Serve... | S | |
| CVE-2019-0980 | A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requ... | S | |
| CVE-2019-0981 | A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requ... | S | |
| CVE-2019-0982 | A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP... | S | |
| CVE-2019-0983 | Windows Storage Service Elevation of Privilege Vulnerability | S | |
| CVE-2019-0984 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | S | |
| CVE-2019-0985 | Microsoft Speech API Remote Code Execution Vulnerability | S | |
| CVE-2019-0986 | Windows User Profile Service Elevation of Privilege Vulnerability | S | |
| CVE-2019-0987 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0988 | Scripting Engine Memory Corruption Vulnerability | S | |
| CVE-2019-0989 | Chakra Scripting Engine Memory Corruption Vulnerability | S | |
| CVE-2019-0990 | Chakra Scripting Engine Memory Corruption Vulnerability | S | |
| CVE-2019-0991 | Chakra Scripting Engine Memory Corruption Vulnerability | S | |
| CVE-2019-0992 | Chakra Scripting Engine Memory Corruption Vulnerability | S | |
| CVE-2019-0993 | Chakra Scripting Engine Memory Corruption Vulnerability | S | |
| CVE-2019-0994 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0995 | A security feature bypass vulnerability exists when urlmon.dll improperly handles certain Mark of th... | S | |
| CVE-2019-0996 | Azure DevOps Server Spoofing Vulnerability | S | |
| CVE-2019-0997 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
| CVE-2019-0998 | Windows Storage Service Elevation of Privilege Vulnerability | S | |
| CVE-2019-0999 | An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, ak... | S |