tenable vulnerabilities and exploits

5
MEDIUM
CVE-2019-3924

MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router...

MikroTik RouterOS
10
HIGH
CVE-2019-6545

AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary proce...

10
HIGH
CVE-2019-6543

AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. Code is executed under the program runtime privileges, which could lead to the compromise of the machine....

NA
CVE-2019-0686

Microsoft Exchange Server could allow a remote attacker to gain elevated privileges on the system, caused by a flaw in the notifications contract. By using man-in-the-middle attack techniques, an attacker could exploit this vulnerability to impersonate an arbitrary user on the Excha...

NA
CVE-2019-0626

A vulnerability in the DHCP server component of Microsoft Windows could allow an authenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to improper memory operations that are performed by the affected software when handling DHCP pac...

NA
CVE-2019-0676

Microsoft Internet Explorer could allow a remote attacker to obtain sensitive information, caused by improper handling of objects in memory. By persuading a victim to open specially-crafted content, a remote attacker could exploit this vulnerability to check for the existence of ...

3.5
LOW
CVE-2019-3923

Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in...

NA
CVE-2018-19016

Rockwell Automation EtherNet/IP Web Server Modules is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted UDP packet to the SNMP service, a remote attacker could exploit this vulnerability to cause a denial of service condition....

7.5
HIGH
CVE-2019-0547

A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka "Windows DHCP Client Remote Code Execution Vulnerability." This affects Windows 10, Windows 10 Servers....

Microsoft Windows 10
5.5
MEDIUM
CVE-2018-15465

A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to imp...

7.5
HIGH
CVE-2018-18999

WebAccess/SCADA, WebAccess/SCADA Version 8.3.2 installed on Windows 2008 R2 SP1. Lack of proper validation of user supplied input may allow an attacker to cause the overflow of a buffer on the stack....