Security Vulnerabilities - Known exploited
CVE-2019-1322
Known exploited
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1340.
CVSS Score
7.8
EPSS Score
0.387
Published
2019-10-10
CVE-2019-1315
Known exploited
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342.
CVSS Score
7.8
EPSS Score
0.062
Published
2019-10-10
CVE-2019-16928
Known exploited
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.
CVSS Score
9.8
EPSS Score
0.853
Published
2019-09-27
CVE-2019-16920
Known exploited
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to command injection. An attacker who successfully triggers the command injection could achieve full system compromise. Later, it was independently found that these are also affected: DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835, and DIR-825.
CVSS Score
9.8
EPSS Score
0.943
Published
2019-09-27
CVE-2019-16759
Known exploited
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
CVSS Score
9.8
EPSS Score
0.944
Published
2019-09-24
CVE-2019-1367
Known exploited
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221.
CVSS Score
7.5
EPSS Score
0.879
Published
2019-09-23
CVE-2019-16057
Known exploited
The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.
CVSS Score
9.8
EPSS Score
0.938
Published
2019-09-16
CVE-2019-16256
Known exploited
Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker.
CVSS Score
9.8
EPSS Score
0.427
Published
2019-09-12
CVE-2019-1297
Known exploited
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
CVSS Score
8.8
EPSS Score
0.568
Published
2019-09-11
CVE-2019-1253
Known exploited
An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303.
CVSS Score
7.8
EPSS Score
0.229
Published
2019-09-11

