CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2020-7058 data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. NOTE: the vendor has stated "This is a false alarm. | 8.8 | HIGH | — | 0 |
| CVE-2019-13751 Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-13752 Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-13753 Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-13754 Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 4.3 | MEDIUM | — | 0 |
| CVE-2019-13755 Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page. | 4.3 | MEDIUM | — | 0 |
| CVE-2019-13756 Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 4.3 | MEDIUM | — | 0 |
| CVE-2019-13757 Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 4.3 | MEDIUM | — | 0 |
| CVE-2019-13758 Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 4.3 | MEDIUM | — | 0 |
| CVE-2019-13759 Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | 4.3 | MEDIUM | — | 0 |
| CVE-2019-13761 Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | 4.3 | MEDIUM | — | 0 |
| CVE-2019-18379 Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backen... | 7.3 | HIGH | — | 0 |
| CVE-2019-13762 Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code. | 3.3 | LOW | — | 0 |
| CVE-2019-13763 Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. | 4.3 | MEDIUM | — | 0 |
| CVE-2019-13764 Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | — | 0 |
| CVE-2019-1332 A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Micros... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-1400 An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. T... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-1453 A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Pro... | 7.5 | HIGH | — | 0 |
| CVE-2019-1461 A denial of service vulnerability exists in Microsoft Word software when the software fails to properly handle objects in memory, aka 'Microsoft Word Denial of Service Vulnerability'. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-1462 A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka 'Microsoft PowerPoint Remote Code Execution Vulnerabilit... | 7.8 | HIGH | — | 0 |
| CVE-2019-1463 An information disclosure vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Information Disclosure Vulnerability'. T... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-1480 An information disclosure vulnerability exists in Windows Media Player when it fails to properly handle objects in memory, aka 'Windows Media Player Information Disclosure Vulnerability'. This CVE ID ... | 4.3 | MEDIUM | — | 0 |
| CVE-2019-1464 An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'. | 5.5 | MEDIUM | — | 0 |
| CVE-2019-1465 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is un... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-1466 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is un... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-1467 An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is un... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-11166 For TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F, an attacker can impersonate a ground station and issue a Comm-A Identity Request. This action can set the Sensitiv... | N/A | NONE | — | 0 |
| CVE-2019-1468 A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'. | 8.8 | HIGH | — | 0 |
| CVE-2019-1469 An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | 5.5 | MEDIUM | — | 0 |
| CVE-2019-1470 An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyp... | 6.0 | MEDIUM | — | 0 |
| CVE-2019-1471 A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote ... | 8.2 | HIGH | — | 0 |
| CVE-2024-53941 An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default Wi-Fi PSK valu... | 8.8 | HIGH | — | 0 |
| CVE-2019-1472 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-1474 An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-1476 An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique f... | 7.8 | HIGH | — | 0 |
| CVE-2019-1477 An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulne... | 7.8 | HIGH | — | 0 |
| CVE-2019-1478 An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'. | 7.8 | HIGH | — | 0 |
| CVE-2019-1481 An information disclosure vulnerability exists in Windows Media Player when it fails to properly handle objects in memory, aka 'Windows Media Player Information Disclosure Vulnerability'. This CVE ID ... | 4.3 | MEDIUM | — | 0 |
| CVE-2019-1483 An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the... | 7.8 | HIGH | — | 0 |
| CVE-2019-1484 A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'. | 7.8 | HIGH | — | 0 |
| CVE-2019-1485 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. | 7.5 | HIGH | — | 0 |
| CVE-2019-1486 A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host, aka 'Visual Studio Live Shar... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-1487 An information disclosure vulnerability in Android Apps using Microsoft Authentication Library (MSAL) 0.3.1-Alpha or later exists under specific conditions, aka 'Microsoft Authentication Library for A... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-1488 A security feature bypass vulnerability exists when Microsoft Defender improperly handles specific buffers, aka 'Microsoft Defender Security Feature Bypass Vulnerability'. | 3.3 | LOW | — | 0 |
| CVE-2019-1489 An information disclosure vulnerability exists when the Windows Remote Desktop Protocol (RDP) fails to properly handle objects in memory, aka 'Remote Desktop Protocol Information Disclosure Vulnerabil... | 7.5 | HIGH | — | 0 |
| CVE-2019-1490 A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business Server Spoofing Vulnerability'. | 5.4 | MEDIUM | — | 0 |
| CVE-2019-14861 All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS recor... | 5.3 | MEDIUM | — | 0 |
| CVE-2013-4968 Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspec... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-14870 All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clien... | 5.4 | MEDIUM | — | 0 |
| CVE-2019-14889 A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided ... | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.