Skip to main content
CVE-2019-0604 CRITICAL POC KEV PATCH THREAT Act Now

Microsoft SharePoint allows remote code execution through crafted application packages due to improper source markup validation, enabling server-side code execution on SharePoint farms without authentication.

NVD Exploit-DB
CVSS 3.1
9.8
EPSS
94.4%
Threat
9.8
CVE-2019-3922 CRITICAL POC Act Now

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, unauthenticated attacker to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow RCE I 240W Q Gpon Ont Firmware
NVD
CVSS 3.1
9.8
EPSS
5.2%
CVE-2019-3918 CRITICAL POC Act Now

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 contains multiple hard coded credentials for the Telnet and SSH interfaces. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass I 240W Q Gpon Ont Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-0729 CRITICAL PATCH Act Now

An Elevation of Privilege vulnerability exists in the way Azure IoT Java SDK generates symmetric keys for encryption, allowing an attacker to predict the randomness of the key, aka 'Azure IoT Java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Microsoft Information Disclosure Java Software Development Kit
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2019-0626 CRITICAL PATCH Act Now

A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server, aka 'Windows DHCP Server Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Windows 10 +7
NVD
CVSS 3.0
9.8
EPSS
68.3%
CVE-2019-6563 CRITICAL Act Now

Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Iks G6824A Firmware Eds 405A Firmware Eds 408A Firmware Eds 510A Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-6557 CRITICAL Act Now

Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Iks G6824A Firmware Eds 405A Firmware Eds 408A Firmware +1
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2019-6524 CRITICAL Act Now

Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Iks G6824A Firmware Eds 405A Firmware Eds 408A Firmware Eds 510A Firmware
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-4032 CRITICAL PATCH Act Now

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi IBM Financial Transaction Manager
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2019-8262 CRITICAL Act Now

UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Ultravnc Sinumerik Access Mymachine P2P +2
NVD
CVSS 3.1
9.8
EPSS
4.8%
CVE-2019-8261 CRITICAL Act Now

UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC code inside client CoRRE decoder, caused by multiplication overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ultravnc
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2019-8260 CRITICAL Act Now

UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC client RRE decoder code, caused by multiplication overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ultravnc
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-8258 CRITICAL Act Now

UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC client code which results code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Ultravnc Sinumerik Access Mymachine P2P +2
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2019-6522 CRITICAL Act Now

Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Iks G6824A Firmware Eds 405A Firmware Eds 408A Firmware +1
NVD
CVSS 3.1
9.1
EPSS
2.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy