9.8
CVE-2019-8275
- EPSS 4.58%
- Veröffentlicht 08.03.2019 23:29:00
- Zuletzt bearbeitet 21.11.2024 04:49:37
- Quelle vulnerability@kaspersky.com
- Teams Watchlist Login
- Unerledigt Login
UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being accessed by remote users. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Siemens ≫ Sinumerik Access Mymachine/p2p Version < 4.8
Siemens ≫ Sinumerik Pcu Base Win10 Software/ipc Version < 14.00
Siemens ≫ Sinumerik Pcu Base Win7 Software/ipc Version <= 12.01
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.58% | 0.882 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-170 Improper Null Termination
The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.