An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim’s credentials, because the Origin...
There is a short key vulnerability in HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader v24. The key for obfuscating the fingerprint image is vulnerable to brute-force attacks. This allows an attacker to...
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka ‘DirectWrite Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1093. Date published : 2019-07-15 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1097
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka ‘Win32k Information Disclosure Vulnerability’. Date published : 2019-07-15 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1096
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1094, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101,...
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka ‘Windows GDI Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1095, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101,...
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka ‘DirectWrite Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-1097. Date published : 2019-07-15 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1093
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from...
An information disclosure vulnerability exists when Unistore.dll fails to properly handle objects in memory, aka ‘Microsoft unistore.dll Information Disclosure Vulnerability’. Date published : 2019-07-15 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1091
An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory, aka ‘Windows dnsrlvr.dll Elevation of Privilege Vulnerability’. Date published : 2019-07-15 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1090
An elevation of privilege vulnerability exists in rpcss.dll when the RPC service Activation Kernel improperly handles an RPC request. To exploit this vulnerability, a low level authenticated attacker could run a specially crafted application....
An elevation of privilege exists in Windows Audio Service, aka ‘Windows Audio Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1086, CVE-2019-1087. Date published : 2019-07-15 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1088
An elevation of privilege exists in Windows Audio Service, aka ‘Windows Audio Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1086, CVE-2019-1088. Date published : 2019-07-15 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1087
An elevation of privilege exists in Windows Audio Service, aka ‘Windows Audio Service Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1087, CVE-2019-1088. Date published : 2019-07-15 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1086