• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

Microsoft

CVE-2019-12270

February 26, 2023 by

OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by default on Windows. During installation, a displaylistcache file share is created on the Windows server with full read and write permissions for the Everyone group at both the NTFS and Share levels. The share is used to retrieve documents for processing, and to store processed documents for display in the browser. The only required share level access is read/write by the JobProcessor service account. At the local filesystem level, the only additional required permissions would be read/write from the servlet engine, such as Tomcat. (The affected server components are not installed with Content Server by default, and must be installed separately.) NOTE: the vendor’s position is that customers are not supposed to use this default setting without consulting the documentation.

CVE-2019-12172

February 26, 2023 by

Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.

CVE-2019-1220

February 26, 2023 by

A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka ‘Microsoft Browser Security Feature Bypass Vulnerability’.

CVE-2019-1221

February 26, 2023 by

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’.

CVE-2019-1208

February 26, 2023 by

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka ‘VBScript Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1236.

CVE-2019-1194

February 26, 2023 by

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-1133.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 117
  • Go to page 118
  • Go to page 119
  • Go to page 120
  • Go to page 121
  • Interim pages omitted …
  • Go to page 218
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE