Skip to main content
CVE-2019-11704 CRITICAL POC THREAT Act Now

A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Mozilla Memory Corruption Thunderbird
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
10.5%
CVE-2019-11703 CRITICAL POC THREAT Act Now

A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Mozilla Memory Corruption Thunderbird
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
10.5%
CVE-2019-1010153 CRITICAL POC Act Now

zzcms 8.3 and earlier is affected by: SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zzcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-1010152 CRITICAL POC Act Now

zzcms 8.3 and earlier is affected by: File Delete to Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE PHP Zzcms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
CVE-2019-1010150 CRITICAL POC Act Now

zzcms 8.3 and earlier is affected by: File Delete to Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE PHP Zzcms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
CVE-2019-1010149 CRITICAL POC Act Now

zzcms version 8.3 and earlier is affected by: File Delete to Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE PHP Zzcms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
CVE-2019-1010148 CRITICAL POC Act Now

zzcms version 8.3 and earlier is affected by: SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi RCE Zzcms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-1010155 CRITICAL POC Act Now

D-Link DSL-2750U 1.11 is affected by: Authentication Bypass. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Denial Of Service D-Link Dsl 2750U Firmware
NVD
CVSS 3.1
9.1
EPSS
8.6%
CVE-2019-11708 CRITICAL POC KEV THREAT Act Now

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Firefox Thunderbird
NVD Exploit-DB
CVSS 3.1
10.0
EPSS
55.9%
CVE-2019-2856 CRITICAL PATCH Act Now

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Application Container - JavaEE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Weblogic Server
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-12164 CRITICAL PATCH Act Now

ubuntu-server.js in Status React Native Desktop before v0.57.8_mobile_ui allows Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Ubuntu RCE React Native Desktop
NVD GitHub
CVSS 3.0
9.8
EPSS
4.1%
CVE-2019-1010200 CRITICAL PATCH Act Now

Voice Builder Prior to commit c145d4604df67e6fc625992412eef0bf9a85e26b and f6660e6d8f0d1d931359d591dbdec580fef36d36 is affected by: CWE-78: Improper Neutralization of Special Elements used in an OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Google RCE Command Injection Voice Builder
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2019-9820 CRITICAL Act Now

A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Google Use After Free Mozilla +3
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-9819 CRITICAL Act Now

A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Memory Corruption Firefox Firefox Esr +1
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-9814 CRITICAL Act Now

Mozilla developers and community members reported memory safety bugs present in Firefox 66. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla RCE Memory Corruption Firefox
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2019-9800 CRITICAL Act Now

Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla RCE Memory Corruption Firefox +2
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-11714 CRITICAL Act Now

Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Firefox
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-11713 CRITICAL Act Now

A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +1
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-11710 CRITICAL Act Now

Mozilla developers and community members reported memory safety bugs present in Firefox 67. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla RCE Memory Corruption Firefox +1
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-11709 CRITICAL Act Now

Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla RCE Memory Corruption Firefox +4
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2019-11705 CRITICAL POC Act Now

A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Memory Corruption Thunderbird
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
9.9%
CVE-2019-11693 CRITICAL Act Now

The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Memory Corruption Firefox Thunderbird
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2019-11692 CRITICAL Act Now

A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +1
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-11691 CRITICAL Act Now

A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-10173 CRITICAL PATCH Act Now

It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Deserialization Xstream Banking Platform +8
NVD
CVSS 3.1
9.8
EPSS
94.8%
CVE-2019-2828 CRITICAL PATCH Act Now

Vulnerability in the Oracle Field Service component of Oracle E-Business Suite (subcomponent: Wireless). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Field Service
NVD
CVSS 3.0
9.6
EPSS
1.6%
CVE-2019-2775 CRITICAL PATCH Act Now

Vulnerability in the Oracle Payments component of Oracle E-Business Suite (subcomponent: File Transmission). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Payments
NVD
CVSS 3.0
9.1
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy