evolution vulnerabilities and exploits

7.2
CVSSv2
CVE-2019-0973

An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka...

7.2
CVSSv2
CVE-2019-0841

An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805,...

MicrosoftWindows 10Windows Server 2016Windows Server 2019
7.2
CVSSv2
CVE-2019-1069

An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations, aka 'Task Scheduler Elevation of Privilege Vulnerability'....

MicrosoftWindows 10Windows Server 2016Windows Server 2019
7.2
CVSSv2
CVE-2019-0863

An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'....

10
CVSSv2
CVE-2019-11708

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result...

7.5
CVSSv2
CVE-2019-11707

A type confusion vulnerability has been found in Firefox 67.0.3 and Firefox ESR 60.7.1. The vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. It can allow remote code execution....

MozillaFirefoxFirefox EsrThunderbird
7.2
CVSSv2
CVE-2019-0859

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803....

NA
CVE-2019-14518

** DISPUTED ** Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor states that the behavior is consistent with the "access policy in the administration panel."...

NA
CVE-2019-14422

An issue was discovered in in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A...

5
CVSSv2
CVE-2019-11729

Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8....

MozillaFirefoxFirefox EsrThunderbird