Total
41742 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1583 | 1 Paloaltonetworks | 1 Twistlock | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and earlier allows a Twistlock user with Operator capabilities to escalate privileges to that of another user. Active interaction with an affected component is required for the payload to execute on the victim. | |||||
| CVE-2019-1578 | 1 Paloaltonetworks | 1 Minemeld | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Palo Alto Networks MineMeld version 0.9.60 and earlier may allow a remote attacker able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI could execute arbitrary JavaScript code in the admin’s browser. | |||||
| CVE-2019-1574 | 1 Paloaltonetworks | 1 Expedition Migration Tool | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition Migration tool 1.1.12 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the Devices View. | |||||
| CVE-2019-1571 | 1 Paloaltonetworks | 1 Expedition | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings. | |||||
| CVE-2019-1570 | 1 Paloaltonetworks | 1 Expedition | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings. | |||||
| CVE-2019-1569 | 1 Paloaltonetworks | 1 Expedition | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user. | |||||
| CVE-2019-1568 | 1 Paloaltonetworks | 1 Demisto | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Palo Alto Networks Demisto 4.5 build 40249 may allow an unauthenticated attacker to run arbitrary JavaScript or HTML. | |||||
| CVE-2019-1567 | 1 Paloaltonetworks | 1 Expedition Migration Tool | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Expedition Migration tool 1.1.6 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings. | |||||
| CVE-2019-1566 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. | |||||
| CVE-2019-1565 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML. | |||||
| CVE-2019-1375 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. | |||||
| CVE-2019-1332 | 1 Microsoft | 3 Power Bi Report Server, Sql Server 2017 Reporting Services, Sql Server 2019 Reporting Services | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'. | |||||
| CVE-2019-1329 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Foundation | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1330. | |||||
| CVE-2019-1328 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Foundation | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. | |||||
| CVE-2019-1305 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. | |||||
| CVE-2019-1273 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages, aka 'Active Directory Federation Services XSS Vulnerability'. | |||||
| CVE-2019-1266 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. | |||||
| CVE-2019-1262 | 1 Microsoft | 1 Sharepoint Foundation | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | |||||
| CVE-2019-1218 | 1 Microsoft | 1 Outlook | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A spoofing vulnerability exists in the way Microsoft Outlook iOS software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user. The security update addresses the vulnerability by correcting how Outlook iOS parses specially crafted email messages. | |||||
| CVE-2019-1203 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. | |||||