Month | Quarter | Year |
---|---|---|
#11 | #10 | #10 |
CVE-ID | CWE-ID | Type | Score |
---|---|---|---|
CVE-2019-1126 | CWE-254 | 7PK - Security Features | 5.3 |
A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet lockout policy.To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an attacker to launch a password brute-force attack or cause account lockouts in Active Directory.This security update corrects how ADFS handles external authentication requests., aka 'ADFS Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0975. |
|||
CVE-2019-1097 | CWE-200 | Information Leak / Disclosure | 5.5 |
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1093. |
|||
CVE-2019-1096 | CWE-200 | Information Leak / Disclosure | 5.5 |
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. |
|||
CVE-2019-1095 | CWE-200 | Information Leak / Disclosure | 6.5 |
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1094, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101, CVE-2019-1116. |
|||
CVE-2019-1094 | CWE-200 | Information Leak / Disclosure | 6.5 |
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1095, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101, CVE-2019-1116. |
|||
CVE-2019-1093 | CWE-200 | Information Leak / Disclosure | 5.5 |
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1097. |
|||
CVE-2019-1089 | CWE-264 | Permissions, Privileges, and Access Controls | 7.8 |
An elevation of privilege vulnerability exists in rpcss.dll when the RPC service Activation Kernel improperly handles an RPC request. To exploit this vulnerability, a low level authenticated attacker could run a specially crafted application. The security update addresses this vulnerability by correcting how rpcss.dll handles these requests., aka 'Windows RPCSS Elevation of Privilege Vulnerability'. |
|||
CVE-2019-1088 | CWE-264 | Permissions, Privileges, and Access Control | 7.8 |
An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1086, CVE-2019-1087. |
|||
CVE-2019-1087 | CWE-264 | Permissions, Privileges, and Access Control | 7.8 |
An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1086, CVE-2019-1088. |
|||
CVE-2019-1086 | CWE-264 | Permissions, Privileges, and Access Control | 7.8 |
An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1087, CVE-2019-1088. |