One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. This issue is fixed in version 8.1.4. Date published : 2019-07-29 https://support.oneidentity.com/technical-documents/cloud-access-manager/8.1.4/release-notes#TOPIC-1028731 https://github.com/FurqanKhan1/CVE-2019-13498
An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must have first authenticated. Date...
A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data. Date published :...
A vulnerability in the web-based management interface of VVX, Trio, SoundStructure, SoundPoint, and SoundStation phones running Polycom UC Software, if exploited, could allow an authenticated, remote attacker with admin privileges to cause a denial...
HumHub Social Network Kit Enterprise v1.3.13 allows remote attackers to find the user accounts existing on any Social Network Kits (including self-hosted ones) by brute-forcing the username after the /u/ initial URI substring, aka...
See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or older, allows a user to call an IOCTL specifying any kernel address to which arbitrary bytes are written to. Date published :...
A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka ‘Microsoft Exchange Server Spoofing Vulnerability’. Date published : 2019-07-29 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka ‘Microsoft Exchange Server Elevation of Privilege Vulnerability’. Date published : 2019-07-29 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1136
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. Date published : 2019-07-29 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1134
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. Date published : 2019-07-29 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1132
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1129. Date published : 2019-07-29 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1130
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka ‘Windows Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1130. Date published : 2019-07-29 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1129
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka ‘DirectWrite Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123,...
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka ‘DirectWrite Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123,...