Lucene search
+L

68 matches found

CVE
CVE
added 2019/08/02 9:11 p.m.164 views

CVE-2019-7855

CVE-2019-7855 affects Magento platforms: Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, and Magento 2.3 before 2.3.2. Description: a cryptographic flaw could be exploited by an unauthenticated user to discover an invariant used in gift card generation. This is a cryptographic weakness rathe...

5.3CVSS5.5AI score0.0097EPSS
Exploits0References1Affected Software1
Check Point Advisories
Check Point Advisories
added 2019/07/07 12:0 a.m.97 views

Schneider Electric Modicon Multiple Denial Of Service Vulnerabilities (CVE-2018-7843; CVE-2018-7852; CVE-2018-7853; CVE-2018-7854; CVE-2018-7855; CVE-2018-7856; CVE-2018-7857; CVE-2019-6807)

Multiple denial of service vulnerabilities exist in Schneider Electric Modicon. A remote unauthenticated attacker could send crafted UMAS command packets to cause denial of service conditions...

5CVSS3.8AI score0.03614EPSS
Exploits8
NVD
NVD
added 2019/05/22 9:29 p.m.27 views

CVE-2018-7855

A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a Denial of Service when sending invalid breakpoint parameters to the controller over Modbus...

7.5CVSS7.4AI score0.02626EPSS
Exploits1References3
Circl
Circl
added 2019/05/22 8:48 p.m.13 views

CVE-2018-7855

creationtimestamp| type| source ---|---|--- 2019-05-22 20:48:21+00:00| seen| https://t.me/cvemitreorg/160 2025-04-24 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-01...

7.5CVSS7.1AI score0.02626EPSS
Exploits1References2
CVE
CVE
added 2019/05/22 8:3 p.m.88 views

CVE-2018-7855

CVE-2018-7855 affects Schneider Electric Modicon M580, M340, Quantum and Premium PLCs. The root cause is an uncaught exception when handling invalid breakpoint parameters sent over Modbus, which can trigger a Denial of Service with partial availability impact. Connected documents confirm the affe...

7.5CVSS7.3AI score0.02626EPSS
Exploits1References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 2:25 a.m.36 views

Security Bulletin: Vulnerabilities in NTP and GNU C Library (glibc) affect IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch Firmware

Summary IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch Firmware has addressed the following vulnerabilities in NTP and GNU C Library glibc. Vulnerability Details Summary IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch Firmware has addressed the following...

9.8CVSS0.9AI score0.81762EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:32 a.m.36 views

Security Bulletin: Multiple vulnerabilities in Network Time Protocol (NTP) affect IBM Virtualization Engine TS7700 (CVE-2015-7848, CVE-2015-7855)

Summary There are multiple vulnerabilities in the Network Time Protocol NTP implementation embedded within the IBM Virtualization Engine TS7700. Vulnerability Details CVEID: CVE-2015-7848 DESCRIPTION: Network Time Protocol NTP is vulnerable to a denial of service, caused by an multiple integer...

7.5CVSS1.2AI score0.31068EPSS
Exploits5Affected Software1
CVE
CVE
added 2017/08/31 9:0 p.m.74 views

CVE-2017-7855

IceWarp WebMail 11.3.1.5 is affected by a Cross-Site Scripting (XSS) vulnerability in the language parameter of the webmail component. The Nuclei template confirms the affected product/version and states that an attacker can execute arbitrary JavaScript in a victim’s browser, potentially stealing...

6.1CVSS5.9AI score0.0201EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/08/09 12:0 a.m.67 views

AIX NTP v4 Advisory : ntp_advisory4.asc (IV79954) (IV79954)

The remote AIX host has a version of Network Time Protocol NTP installed that is affected by the following vulnerabilities : - A divide-by-zero error exists in file include/ntp.h when handling LOGTOD and ULOGTOD macros in a crafted NTP packet. An unauthenticated, remote attacker can exploit this,...

9.8CVSS6.3AI score0.31068EPSS
Exploits4References9
Tenable Nessus
Tenable Nessus
added 2017/08/09 12:0 a.m.66 views

AIX NTP v3 Advisory : ntp_advisory4.asc (IV79942) (IV79943) (IV79944) (IV79945) (IV79946)

The remote AIX host has a version of Network Time Protocol NTP installed that is affected by the following vulnerabilities : - A divide-by-zero error exists in file include/ntp.h when handling LOGTOD and ULOGTOD macros in a crafted NTP packet. An unauthenticated, remote attacker can exploit this,...

9.8CVSS6.3AI score0.31068EPSS
Exploits4References9
OSV
OSV
added 2017/08/07 8:29 p.m.6 views

CVE-2015-7855

The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service assertion failure via a 6 or mode 7 packet containing a long data value...

6.5CVSS7.5AI score
Exploits0References14
CVE
CVE
added 2017/08/07 8:0 p.m.188 views

CVE-2015-7855

CVE-2015-7855 affects ntpd in NTP 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77. The decodenetnum() function can assert-botch when processing mode 6 or mode 7 packets with an unusually long data value, enabling a remote attacker to cause ntpd to crash (denial of service). Public references indicat...

6.5CVSS7.4AI score0.31068EPSS
Exploits4References11Affected Software1
CVE
CVE
added 2017/06/26 1:0 p.m.27 views

CVE-2017-6383

CVE-2017-6383 is a rejected candidate and does not represent an active vulnerability entry.

6.2AI score
Exploits0
Packet Storm
Packet Storm
added 2016/11/25 12:0 a.m.65 views

NTP 4.2.8p3 Denial Of Service

!/usr/bin/env python Exploit Title: ntpd 4.2.8p3 remote DoS Date: 2015-10-21 Bug Discovery: John D "Doug" Birdwell Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: http://support.ntp.org/bin/view/Main/NtpBug2922 Vendor Homepage: http://www.ntp.org/ Software Link:...

8.3AI score0.31068EPSS
Exploits4
Vulnrichment
Vulnrichment
added 2016/11/01 10:46 p.m.6 views

CVE-2016-7855

Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016...

9.1AI score0.25198EPSS
Exploits0References7
CVE
CVE
added 2016/11/01 10:46 p.m.1164 views

CVE-2016-7855

Adobe Flash Player CVE-2016-7855 is a use-after-free vulnerability allowing remote code execution. It affects Flash Player on Windows, macOS, and Linux (versions prior to 23.0.0.205 for Windows/OS X and prior to 11.2.202.643 on Linux). Exploitation has been observed in the wild (October 2016). Af...

9.3CVSS9AI score0.25198EPSS
In wildExploits0References8Affected Software1
The Hacker News
The Hacker News
added 2016/11/01 9:36 p.m.59 views

Microsoft Says Russian Hackers Using Unpatched Windows Bug Disclosed by Google

Google's Threat Analysis Group publically disclosed on Monday a critical zero-day vulnerability in most versions of Windows just 10 days after privately disclosed both zero days to Microsoft and Adobe. While Adobe rushed an emergency patch for its Flash Player software on October 26, Microsoft ha...

10CVSS8.6AI score0.25198EPSS
Exploits0
OSV
OSV
added 2016/11/01 12:33 a.m.7 views

MGASA-2016-0360 Updated flash-player-plugin packages fix security vulnerability

This update fixes a use-after-free issue that can be triggered by attackers for arbitrary code execution, potentially allow the attacker to take control of the affected system CVE-2016-7855...

9.3CVSS8.9AI score0.25198EPSS
Exploits0References3
Mageia
Mageia
added 2016/11/01 12:33 a.m.48 views

Updated flash-player-plugin packages fix security vulnerability

This update fixes a use-after-free issue that can be triggered by attackers for arbitrary code execution, potentially allow the attacker to take control of the affected system CVE-2016-7855...

9.3CVSS7.6AI score0.25198EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2016/11/01 12:0 a.m.39 views

CVE-2016-7855

Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016. Recent assessments: Assessed Attacker Value: 0 Assessed...

9.3CVSS9AI score0.25198EPSS
In wildExploits0References8
Rows per page
Query Builder