Skip to main content
CVE-2019-9570 MEDIUM POC This Month

An issue was discovered in YzmCMS 5.2.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yzmcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2019-6230 HIGH This Week

A memory initialization issue was addressed with improved memory handling. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os Mac Os X Tvos +1
NVD
CVSS 3.0
8.6
EPSS
1.1%
CVE-2019-8336 HIGH PATCH This Week

HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Hashicorp HashiCorp Consul
NVD GitHub
CVSS 3.0
8.1
EPSS
1.3%
CVE-2019-0649 HIGH PATCH This Week

A vulnerability exists in Microsoft Chakra JIT server, aka 'Scripting Engine Elevation of Privileged Vulnerability'. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Edge Chakracore
NVD
CVSS 3.0
8.1
EPSS
4.4%
CVE-2019-0728 HIGH PATCH This Week

A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Visual Studio Code
NVD
CVSS 3.0
7.8
EPSS
27.7%
CVE-2019-0675 HIGH PATCH This Week

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office
NVD
CVSS 3.0
7.8
EPSS
14.8%
CVE-2019-0674 HIGH PATCH This Week

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office Office 365 Proplus
NVD
CVSS 3.0
7.8
EPSS
18.4%
CVE-2019-0673 HIGH PATCH This Week

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office Office 365 Proplus
NVD
CVSS 3.0
7.8
EPSS
14.8%
CVE-2019-0672 HIGH PATCH This Week

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office Office 365 Proplus
NVD
CVSS 3.0
7.8
EPSS
14.8%
CVE-2019-0671 HIGH PATCH This Week

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office Office 365 Proplus
NVD
CVSS 3.0
7.8
EPSS
14.8%
CVE-2019-0632 HIGH PATCH This Week

A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Windows Security Feature Bypass Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Powershell Core Windows 10 Windows Server 2016 +1
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2019-0631 HIGH PATCH This Week

A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Windows Security Feature Bypass Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Powershell Core Windows 10 Windows Server 2016 +1
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2019-0627 HIGH PATCH This Week

A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Windows Security Feature Bypass Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Powershell Core Windows 10 Windows Server 2016 +1
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2019-0625 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
7.8
EPSS
16.1%
CVE-2019-0623 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
7.8
EPSS
5.9%
CVE-2019-0599 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
7.8
EPSS
20.1%
CVE-2019-0598 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
7.8
EPSS
20.1%
CVE-2019-0597 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
7.8
EPSS
16.1%
CVE-2019-0596 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
7.8
EPSS
16.1%
CVE-2019-0595 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
7.8
EPSS
19.1%
CVE-2019-6221 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple Information Disclosure Iphone Os +2
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2019-6210 HIGH This Week

A memory corruption issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Memory Corruption Iphone Os +3
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2019-6202 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure Iphone Os Mac Os X +1
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2019-9578 HIGH PATCH This Week

In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Libu2F Host
NVD GitHub
CVSS 3.0
7.5
EPSS
2.3%
CVE-2019-0741 HIGH PATCH This Week

An information disclosure vulnerability exists in the way Azure IoT Java SDK logs sensitive information, aka 'Azure IoT Java SDK Information Disclosure Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Microsoft Information Disclosure Java Software Development Kit
NVD
CVSS 3.0
7.5
EPSS
7.4%
CVE-2019-0655 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Edge +1
NVD
CVSS 3.0
7.5
EPSS
12.7%
CVE-2019-0652 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Edge +1
NVD
CVSS 3.0
7.5
EPSS
11.1%
CVE-2019-0651 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Edge +1
NVD
CVSS 3.0
7.5
EPSS
11.1%
CVE-2019-0650 HIGH PATCH This Week

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Edge
NVD
CVSS 3.0
7.5
EPSS
19.4%
CVE-2019-0645 HIGH PATCH This Week

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Edge
NVD
CVSS 3.0
7.5
EPSS
9.9%
CVE-2019-0644 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Edge +1
NVD
CVSS 3.0
7.5
EPSS
11.1%
CVE-2019-0642 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Chakracore +1
NVD
CVSS 3.0
7.5
EPSS
11.1%
CVE-2019-0640 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Chakracore +1
NVD
CVSS 3.0
7.5
EPSS
11.1%
CVE-2019-0637 HIGH PATCH This Week

A security feature bypass vulnerability exists when Windows Defender Firewall incorrectly applies firewall profiles to cellular network connections, aka 'Windows Defender Firewall Security Feature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.0
7.5
EPSS
4.3%
CVE-2019-0634 HIGH PATCH This Week

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Edge
NVD
CVSS 3.0
7.5
EPSS
9.9%
CVE-2019-0610 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Edge +1
NVD
CVSS 3.0
7.5
EPSS
11.1%
CVE-2019-0607 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Edge +1
NVD
CVSS 3.0
7.5
EPSS
11.1%
CVE-2019-0606 HIGH PATCH This Week

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
11.1%
CVE-2019-0605 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Edge +1
NVD
CVSS 3.0
7.5
EPSS
12.2%
CVE-2019-0593 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Edge +1
NVD
CVSS 3.0
7.5
EPSS
19.8%
CVE-2019-0591 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Edge +1
NVD
CVSS 3.0
7.5
EPSS
11.1%
CVE-2019-0590 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Edge +1
NVD
CVSS 3.0
7.5
EPSS
11.1%
CVE-2019-9574 HIGH This Week

The WP Human Resource Management plugin before 2.2.6 for WordPress does not ensure that a leave modification occurs in the context of the Administrator or HR Manager role. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wp Human Resource Management
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2019-9573 HIGH This Week

The WP Human Resource Management plugin before 2.2.6 for WordPress mishandles leave applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Wp Human Resource Management
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2019-6520 HIGH This Week

Moxa IKS and EDS does not properly check authority on server side, which results in a read-only user being able to perform arbitrary configuration changes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Iks G6824A Firmware Eds 405A Firmware Eds 408A Firmware Eds 510A Firmware
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-6518 HIGH This Week

Moxa IKS and EDS store plaintext passwords, which may allow sensitive information to be read by someone with access to the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Iks G6824A Firmware Eds 405A Firmware Eds 408A Firmware Eds 510A Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-6223 HIGH KEV THREAT This Week

A logic issue existed in the handling of Group FaceTime calls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os Mac Os X
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-6219 HIGH This Week

A denial of service issue was addressed with improved validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Iphone Os Mac Os X Watchos
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2019-8259 HIGH This Week

UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ultravnc Sinumerik Access Mymachine P2P Sinumerik Pcu Base Win10 Software Ipc Sinumerik Pcu Base Win7 Software Ipc
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2019-0686 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.0
7.4
EPSS
5.0%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy