• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-20

CVE-2019-12400

February 26, 2023 by

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario – XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario – XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4.

CVE-2019-12290

February 26, 2023 by

GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.

CVE-2019-1230

February 26, 2023 by

An information disclosure vulnerability exists when the Windows Hyper-V Network Switch on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka ‘Hyper-V Information Disclosure Vulnerability’.

CVE-2019-12157

February 26, 2023 by

In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands.

CVE-2019-1204

February 26, 2023 by

An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages, aka ‘Microsoft Outlook Elevation of Privilege Vulnerability’.

CVE-2019-11980

February 26, 2023 by

A remote code exection vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 462
  • Go to page 463
  • Go to page 464
  • Go to page 465
  • Go to page 466
  • Interim pages omitted …
  • Go to page 681
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE