Skip to main content
CVE-2019-3921 HIGH POC THREAT This Week

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow RCE I 240W Q Gpon Ont Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
17.9%
CVE-2019-3920 HIGH POC This Week

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to authenticated command injection via crafted HTTP request sent by a remote, authenticated attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection I 240W Q Gpon Ont Firmware
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2019-3919 HIGH POC This Week

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to command injection via crafted HTTP request sent by a remote, authenticated attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection I 240W Q Gpon Ont Firmware
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2019-6224 HIGH POC This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Apple RCE Iphone Os Mac Os X +2
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
9.0%
CVE-2019-6215 HIGH POC This Week

A type confusion issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Apple RCE Memory Corruption Safari +6
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
9.8%
CVE-2019-6214 HIGH POC This Week

A type confusion issue was addressed with improved memory handling. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Information Disclosure Memory Corruption Iphone Os Mac Os X +2
NVD Exploit-DB
CVSS 3.0
8.6
EPSS
3.6%
CVE-2019-0724 HIGH POC PATCH THREAT This Week

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Microsoft Information Disclosure Exchange Server
NVD GitHub
CVSS 3.1
8.1
EPSS
23.8%
CVE-2019-6225 HIGH POC THREAT This Week

A memory corruption issue was addressed with improved validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Apple Memory Corruption Iphone Os Mac Os X +1
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
28.5%
CVE-2019-6218 HIGH POC This Week

A memory corruption issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Apple RCE Memory Corruption Iphone Os +2
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
5.5%
CVE-2019-6213 HIGH POC This Week

A buffer overflow was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Apple RCE Iphone Os Mac Os X +2
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
5.4%
CVE-2019-6205 HIGH POC This Week

A memory corruption issue was addressed with improved lock state checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Apple Memory Corruption Iphone Os Mac Os X +1
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
4.1%
CVE-2019-3917 HIGH POC This Week

The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 allows a remote, unauthenticated attacker to enable telnetd on the router via a crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass I 240W Q Gpon Ont Firmware
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2019-9572 HIGH POC This Week

SchoolCMS version 2.3.1 allows file upload via the theme upload feature at admin.php?m=admin&c=theme&a=upload by using the .zip extension along with the _Static substring, changing the Content-Type. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Schoolcms
NVD GitHub
CVSS 3.0
7.2
EPSS
2.0%
CVE-2019-0668 HIGH PATCH This Week

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Enterprise Server
NVD
CVSS 3.0
8.8
EPSS
3.9%
CVE-2019-0662 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
8.8
EPSS
15.4%
CVE-2019-0633 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
8.8
EPSS
13.0%
CVE-2019-0630 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
8.8
EPSS
17.8%
CVE-2019-0618 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
8.8
EPSS
67.0%
CVE-2019-0613 HIGH PATCH This Week

A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.An attacker who successfully exploited the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Net Framework Visual Studio 2017
NVD
CVSS 3.0
8.8
EPSS
15.4%
CVE-2019-0594 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.0
8.8
EPSS
12.4%
CVE-2019-6561 HIGH This Week

Cross-site request forgery has been identified in Moxa IKS and EDS, which may allow for the execution of unauthorized actions on the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Iks G6824A Firmware Eds 405A Firmware Eds 408A Firmware Eds 510A Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-6528 HIGH This Week

PSI GridConnect GmbH Telecontrol Gateway and Smart Telecontrol Unit family, IEC104 Security Proxy versions Telecontrol Gateway 3G Versions 4.2.21, 5.0.27, 5.1.19, 6.0.16 and prior, and Telecontrol. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Telecontrol Gateway Xs Mu Firmware Telecontrol Gateway Vm Firmware Telecontrol Gateway 3G Firmware +2
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2019-6234 HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple RCE Memory Corruption +6
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2019-6233 HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple RCE Memory Corruption +5
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2019-6227 HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple RCE Memory Corruption +6
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2019-6226 HIGH This Week

Multiple memory corruption issues were addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple RCE Memory Corruption +6
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2019-6217 HIGH This Week

Multiple memory corruption issues were addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple RCE Memory Corruption +6
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2019-6216 HIGH This Week

Multiple memory corruption issues were addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple RCE Memory Corruption +6
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2019-6212 HIGH This Week

Multiple memory corruption issues were addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple RCE Memory Corruption +6
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2019-6211 HIGH This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Memory Corruption Iphone Os +1
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2019-6200 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Apple Information Disclosure Iphone Os +1
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-6230 HIGH This Week

A memory initialization issue was addressed with improved memory handling. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Iphone Os Mac Os X Tvos +1
NVD
CVSS 3.0
8.6
EPSS
1.1%
CVE-2019-8336 HIGH PATCH This Week

HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Hashicorp HashiCorp Consul
NVD GitHub
CVSS 3.0
8.1
EPSS
1.3%
CVE-2019-0649 HIGH PATCH This Week

A vulnerability exists in Microsoft Chakra JIT server, aka 'Scripting Engine Elevation of Privileged Vulnerability'. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Edge Chakracore
NVD
CVSS 3.0
8.1
EPSS
4.4%
CVE-2019-0728 HIGH PATCH This Week

A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Visual Studio Code
NVD
CVSS 3.0
7.8
EPSS
27.7%
CVE-2019-0675 HIGH PATCH This Week

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office
NVD
CVSS 3.0
7.8
EPSS
14.8%
CVE-2019-0674 HIGH PATCH This Week

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office Office 365 Proplus
NVD
CVSS 3.0
7.8
EPSS
18.4%
CVE-2019-0673 HIGH PATCH This Week

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office Office 365 Proplus
NVD
CVSS 3.0
7.8
EPSS
14.8%
CVE-2019-0672 HIGH PATCH This Week

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office Office 365 Proplus
NVD
CVSS 3.0
7.8
EPSS
14.8%
CVE-2019-0671 HIGH PATCH This Week

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Office Office 365 Proplus
NVD
CVSS 3.0
7.8
EPSS
14.8%
CVE-2019-0632 HIGH PATCH This Week

A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Windows Security Feature Bypass Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Powershell Core Windows 10 Windows Server 2016 +1
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2019-0631 HIGH PATCH This Week

A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Windows Security Feature Bypass Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Powershell Core Windows 10 Windows Server 2016 +1
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2019-0627 HIGH PATCH This Week

A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka 'Windows Security Feature Bypass Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Powershell Core Windows 10 Windows Server 2016 +1
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2019-0625 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
7.8
EPSS
16.1%
CVE-2019-0623 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
7.8
EPSS
5.9%
CVE-2019-0599 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
7.8
EPSS
20.1%
CVE-2019-0598 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
7.8
EPSS
20.1%
CVE-2019-0597 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
7.8
EPSS
16.1%
CVE-2019-0596 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
7.8
EPSS
16.1%
CVE-2019-0595 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
7.8
EPSS
19.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy