How severe is CVE-2019-15691?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2019-15691?

This is classified as CWE-825, which is a common weakness in software security.

CVE-2019-15691

HIGH Year: 2019

CVSS v3 Score

7.2

High

CVSS v2 Score

6.5

Medium

Weakness Type

CWE-825

View all →

Vulnerability Description

TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

CVE-2023-20212

HIGH

CVSS:7.5(High)

A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic ...

CWE-8252023

CVE-2024-39792

HIGH

CVSS:7.5(High)

When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technica...

CWE-8252024

CVE-2024-45105

MEDIUM

CVSS:6.7(Medium)

An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execut...

CWE-8252024

CVE-2024-23638

MEDIUM

CVSS:6.5(Medium)

Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This proble...

CWE-8252024

CVE-2025-30653

MEDIUM

CVSS:6.5(Medium)

An Expired Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service ...

CWE-8252025

CVE-2024-28889

MEDIUM

CVSS:5.9(Medium)

When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Managem...

CWE-8252024

CVE-2019-15691

Vulnerability Description

Related Vulnerabilities

CVE-2023-20212

CVE-2024-39792

CVE-2024-45105

CVE-2024-23638

CVE-2025-30653

CVE-2024-28889