7.5
CVE-2019-8259
- EPSS 0.87%
- Published 05.03.2019 15:29:00
- Last modified 21.11.2024 04:49:35
- Source vulnerability@kaspersky.com
- Teams watchlist Login
- Open Login
UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1199.
Data is provided by the National Vulnerability Database (NVD)
Siemens ≫ Sinumerik Access Mymachine/p2p Version < 4.8
Siemens ≫ Sinumerik Pcu Base Win10 Software/ipc Version < 14.00
Siemens ≫ Sinumerik Pcu Base Win7 Software/ipc Version <= 12.01
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.87% | 0.732 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.
CWE-665 Improper Initialization
The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.