Skip to main content
CVE-2019-8197 CRITICAL POC PATCH THREAT Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a heap overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Adobe Memory Corruption Acrobat Dc +1
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
16.8%
CVE-2019-8196 CRITICAL POC PATCH THREAT Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Adobe Acrobat Dc Acrobat Reader Dc
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
22.9%
CVE-2019-8195 CRITICAL POC PATCH THREAT Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Adobe Acrobat Dc Acrobat Reader Dc
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
22.9%
CVE-2019-10752 CRITICAL POC PATCH Act Now

Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Sequelize
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-17119 HIGH POC This Week

Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Two Factor Authentication Enterprise Server
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-17118 HIGH POC This Week

A CSRF issue in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows a remote attacker to trick an authenticated user into performing unintended actions such as (1) create or delete admin users;. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF 2Fa Enterprise Server
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2019-17117 HIGH POC This Week

A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi 2Fa Enterprise Server
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2019-16917 HIGH POC This Week

WiKID Enterprise 2FA (two factor authentication) Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Two Factor Authentication Enterprise Server
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2019-14287 HIGH POC PATCH THREAT This Week

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Sudo Fedora Debian Linux Leap +11
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
63.9%
CVE-2019-15850 HIGH POC THREAT This Week

eQ-3 HomeMatic CCU3 firmware version 3.41.11 allows Remote Code Execution in the ReGa.runScript method. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Homematic Ccu3 Firmware
NVD
CVSS 3.1
8.8
EPSS
15.6%
CVE-2019-14423 HIGH POC THREAT This Week

A Remote Code Execution (RCE) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to execute system commands as root. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Cux Daemon Ccu2 Firmware
NVD
CVSS 3.1
8.8
EPSS
19.9%
CVE-2019-17676 HIGH POC This Week

app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Metinfo
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2019-18192 HIGH POC PATCH This Week

GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Guix
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-11253 HIGH POC PATCH THREAT This Week

Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Kubernetes Openshift Container Platform
NVD GitHub
CVSS 3.1
7.5
EPSS
25.9%
CVE-2019-15849 HIGH POC This Week

eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Homematic Ccu3 Firmware
NVD
CVSS 3.1
7.3
EPSS
0.8%
CVE-2019-15627 HIGH POC This Week

Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro Microsoft Information Disclosure Deep Security
NVD Exploit-DB
CVSS 3.1
7.1
EPSS
1.3%
CVE-2019-14424 MEDIUM POC This Month

A Local File Inclusion (LFI) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to read sensitive files via a simple. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Cux Daemon Ccu2 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-17120 MEDIUM POC THREAT This Month

A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 2Fa Enterprise Server
NVD
CVSS 3.1
6.1
EPSS
50.0%
CVE-2019-17116 MEDIUM POC This Month

A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Two Factor Authentication Enterprise Server
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2019-17115 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in WiKID 2FA Enterprise Server through 4.2.0-b2047 allow remote attackers to inject arbitrary web script or HTML that is triggered when Logs.jsp is. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Two Factor Authentication Enterprise Server
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2019-17114 MEDIUM POC This Month

A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Two Factor Authentication Enterprise Server
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2019-8221 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2019-8220 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions, 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2019-8215 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2019-8214 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2019-8213 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2019-8212 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2019-8211 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2019-8206 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

RCE Buffer Overflow Adobe Memory Corruption Acrobat Dc +1
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2019-8205 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Buffer Overflow Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2019-8200 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

RCE Adobe Memory Corruption Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2019-8199 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

RCE Buffer Overflow Adobe Memory Corruption Acrobat Dc +1
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2019-8186 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

RCE Buffer Overflow Adobe Memory Corruption Acrobat Dc +1
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2019-8169 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

RCE Adobe Memory Corruption Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2019-8167 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

RCE Adobe Memory Corruption Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2019-8161 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

RCE Adobe Memory Corruption Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2019-15066 CRITICAL Act Now

An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gpon Firmware
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2019-15064 CRITICAL Act Now

HiNet GPON firmware version < I040GWR190731 allows an attacker login to device without any authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gpon Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2019-13409 CRITICAL Act Now

A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 (2019/08/19). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Topmeeting
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2019-8071 CRITICAL Act Now

Adobe Download Manager versions 2.0.0.363 have an insecure file permissions vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Download Manager
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2019-13411 CRITICAL Act Now

An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gpon Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-17670 CRITICAL PATCH Act Now

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Microsoft WordPress Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
4.5%
CVE-2019-17669 CRITICAL PATCH Act Now

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF WordPress Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
5.2%
CVE-2019-16330 MEDIUM POC This Month

In NCH Express Accounts Accounting v7.02, persistent cross site scripting (XSS) exists in Invoices/Sales Orders/Items/Customers/Quotes input field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Express Accounts Accounting
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-17667 MEDIUM POC This Month

Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name (aka SiteName) field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS H8 Heights Remote Gateway Firmware
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2019-17671 MEDIUM POC PATCH THREAT This Month

In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Debian Linux
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
36.5%
CVE-2019-17631 CRITICAL Act Now

From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Openj9 Satellite Enterprise Linux Enterprise Linux Desktop +3
NVD
CVSS 3.1
9.1
EPSS
2.1%
CVE-2019-8225 HIGH PATCH This Week

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2019-8224 HIGH PATCH This Week

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2019-8223 HIGH PATCH This Week

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
8.8
EPSS
3.6%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy