Security Vulnerabilities - CVEs Published In November 2019
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1309, CVE-2019-1310, CVE-2019-1399.
CVSS Score
6.8
EPSS Score
0.01
Published
2019-11-12
A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0721.
CVSS Score
9.1
EPSS Score
0.015
Published
2019-11-12
A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0719.
CVSS Score
9.1
EPSS Score
0.021
Published
2019-11-12
An issue was discovered in Picture_Manage_mvc.aspx in AUO SunVeillance Monitoring System before v1.1.9e. There is an incorrect access control vulnerability that can allow an unauthenticated user to upload files via a modified authority parameter.
CVSS Score
9.8
EPSS Score
0.006
Published
2019-11-12
AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvc_send_mail.aspx (MailAdd parameter) SQL Injection. An Attacker can carry a SQL Injection payload to the server, allowing the attacker to read privileged data. This also affects the picture_manage_mvc.aspx plant_no parameter, the swapdl_mvc.aspx plant_no parameter, and the account_management.aspx Text_Postal_Code and Text_Dis_Code parameters.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-11-12
A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure Stack Spoofing Vulnerability'.
CVSS Score
7.5
EPSS Score
0.187
Published
2019-11-12
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1310, CVE-2019-1399.
CVSS Score
6.8
EPSS Score
0.01
Published
2019-11-12
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1309, CVE-2019-1399.
CVSS Score
6.8
EPSS Score
0.01
Published
2019-11-12
An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'.
CVSS Score
5.3
EPSS Score
0.027
Published
2019-11-12
An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'.
CVSS Score
5.5
EPSS Score
0.006
Published
2019-11-12