Security Vulnerabilities - CVEs Published In 2019
An issue was discovered in Picture_Manage_mvc.aspx in AUO SunVeillance Monitoring System before v1.1.9e. There is an incorrect access control vulnerability that can allow an unauthenticated user to upload files via a modified authority parameter.
CVSS Score
9.8
EPSS Score
0.006
Published
2019-11-12
AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to mvc_send_mail.aspx (MailAdd parameter) SQL Injection. An Attacker can carry a SQL Injection payload to the server, allowing the attacker to read privileged data. This also affects the picture_manage_mvc.aspx plant_no parameter, the swapdl_mvc.aspx plant_no parameter, and the account_management.aspx Text_Postal_Code and Text_Dis_Code parameters.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-11-12
A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure Stack Spoofing Vulnerability'.
CVSS Score
7.5
EPSS Score
0.187
Published
2019-11-12
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1310, CVE-2019-1399.
CVSS Score
6.8
EPSS Score
0.01
Published
2019-11-12
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1309, CVE-2019-1399.
CVSS Score
6.8
EPSS Score
0.01
Published
2019-11-12
An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles IPv6 flowlabel filled in packets, aka 'Windows TCP/IP Information Disclosure Vulnerability'.
CVSS Score
5.3
EPSS Score
0.027
Published
2019-11-12
An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'.
CVSS Score
5.5
EPSS Score
0.006
Published
2019-11-12
If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user's account.
CVSS Score
4.8
EPSS Score
0.001
Published
2019-11-12
ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and earlier do not properly enforce access control and could allow an unauthorized user to access certain pages that require admin privileges.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-11-12
A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 allows an unauthenticated remote user to trigger a denial of service (DoS) condition because of Uncontrolled Resource Consumption.
CVSS Score
7.5
EPSS Score
0.007
Published
2019-11-12