Skip to main content
CVE-2019-8197 CRITICAL POC PATCH THREAT Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a heap overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Adobe Memory Corruption Acrobat Dc +1
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
16.8%
CVE-2019-8196 CRITICAL POC PATCH THREAT Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Adobe Acrobat Dc Acrobat Reader Dc
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
22.9%
CVE-2019-8195 CRITICAL POC PATCH THREAT Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Adobe Acrobat Dc Acrobat Reader Dc
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
22.9%
CVE-2019-10752 CRITICAL POC PATCH Act Now

Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Sequelize
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-8221 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2019-8220 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions, 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2019-8215 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2019-8214 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2019-8213 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2019-8212 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2019-8211 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an use after. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Adobe RCE Memory Corruption Use After Free +2
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2019-8206 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

RCE Buffer Overflow Adobe Memory Corruption Acrobat Dc +1
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2019-8205 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Buffer Overflow Adobe Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2019-8200 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

RCE Adobe Memory Corruption Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2019-8199 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

RCE Buffer Overflow Adobe Memory Corruption Acrobat Dc +1
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2019-8186 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

RCE Buffer Overflow Adobe Memory Corruption Acrobat Dc +1
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2019-8169 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

RCE Adobe Memory Corruption Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2019-8167 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

RCE Adobe Memory Corruption Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2019-8161 CRITICAL PATCH Act Now

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

RCE Adobe Memory Corruption Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2019-15066 CRITICAL Act Now

An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gpon Firmware
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2019-15064 CRITICAL Act Now

HiNet GPON firmware version < I040GWR190731 allows an attacker login to device without any authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Gpon Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2019-13409 CRITICAL Act Now

A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 (2019/08/19). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Topmeeting
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2019-8071 CRITICAL Act Now

Adobe Download Manager versions 2.0.0.363 have an insecure file permissions vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Download Manager
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2019-13411 CRITICAL Act Now

An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gpon Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-17670 CRITICAL PATCH Act Now

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Microsoft WordPress Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
4.5%
CVE-2019-17669 CRITICAL PATCH Act Now

WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF WordPress Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
5.2%
CVE-2019-17631 CRITICAL Act Now

From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Openj9 Satellite Enterprise Linux Enterprise Linux Desktop +3
NVD
CVSS 3.1
9.1
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy