Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-12 | CVE-2019-1385 | Link Following vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'. | 7.8 |
| 2019-11-12 | CVE-2019-1383 | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. | 7.8 |
| 2019-11-12 | CVE-2019-1380 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Microsoft products A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'. | 7.8 |
| 2019-11-12 | CVE-2019-1379 | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2019 An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka 'Windows Data Sharing Service Elevation of Privilege Vulnerability'. | 7.8 |
| 2019-11-12 | CVE-2019-12720 | SQL Injection vulnerability in AUO Sunveillance Monitoring System & Data Recorder AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvc_send_mail.aspx (MailAdd parameter) SQL Injection. | 7.5 |
| 2019-11-12 | CVE-2019-1234 | Authentication Bypass by Spoofing vulnerability in Microsoft Azure Stack A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure Stack Spoofing Vulnerability'. | 7.5 |
| 2019-11-12 | CVE-2019-17360 | Resource Exhaustion vulnerability in Hitachi products A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 allows an unauthenticated remote user to trigger a denial of service (DoS) condition because of Uncontrolled Resource Consumption. | 7.5 |
| 2019-11-12 | CVE-2018-21026 | Information Exposure vulnerability in Hitachi products A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 allows an unauthenticated remote user to read internal information. | 7.5 |
| 2019-11-12 | CVE-2019-17237 | Cross-Site Request Forgery (CSRF) vulnerability in Getigniteup Igniteup includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows CSRF. | 8.8 |
| 2019-11-12 | CVE-2019-17234 | Missing Authentication for Critical Function vulnerability in Getigniteup Igniteup includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows unauthenticated arbitrary file deletion. | 7.5 |