CVE Vulnerability

Microsoft

CVE-2019-1366

by

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1335.

CVE-2019-1356

by

An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory, aka ‘Microsoft Edge based on Edge HTML Information Disclosure Vulnerability’.

CVE-2019-1357

by

A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka ‘Microsoft Browser Spoofing Vulnerability’. This CVE ID is unique from CVE-2019-0608.

CVE-2019-13404

by

** DISPUTED ** The MSI installer for Python through 2.7.16 on Windows defaults to the C:Python27 directory, which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x releases before 3.5.) NOTE: the vendor’s position is that it is the user’s responsibility to ensure C:Python27 access control or choose a different directory, because backwards compatibility requires that C:Python27 remain the default for 2.7.x.

CVE-2019-13320

by

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8814.

CVE-2019-13323

by

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8783.