68 matches found
CVE-2019-7855
CVE-2019-7855 affects Magento platforms: Magento 2.1 before 2.1.18, Magento 2.2 before 2.2.9, and Magento 2.3 before 2.3.2. Description: a cryptographic flaw could be exploited by an unauthenticated user to discover an invariant used in gift card generation. This is a cryptographic weakness rathe...
Schneider Electric Modicon Multiple Denial Of Service Vulnerabilities (CVE-2018-7843; CVE-2018-7852; CVE-2018-7853; CVE-2018-7854; CVE-2018-7855; CVE-2018-7856; CVE-2018-7857; CVE-2019-6807)
Multiple denial of service vulnerabilities exist in Schneider Electric Modicon. A remote unauthenticated attacker could send crafted UMAS command packets to cause denial of service conditions...
CVE-2018-7855
A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a Denial of Service when sending invalid breakpoint parameters to the controller over Modbus...
CVE-2018-7855
creationtimestamp| type| source ---|---|--- 2019-05-22 20:48:21+00:00| seen| https://t.me/cvemitreorg/160 2025-04-24 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-114-01...
CVE-2018-7855
CVE-2018-7855 affects Schneider Electric Modicon M580, M340, Quantum and Premium PLCs. The root cause is an uncaught exception when handling invalid breakpoint parameters sent over Modbus, which can trigger a Denial of Service with partial availability impact. Connected documents confirm the affe...
Security Bulletin: Vulnerabilities in NTP and GNU C Library (glibc) affect IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch Firmware
Summary IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch Firmware has addressed the following vulnerabilities in NTP and GNU C Library glibc. Vulnerability Details Summary IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch Firmware has addressed the following...
Security Bulletin: Multiple vulnerabilities in Network Time Protocol (NTP) affect IBM Virtualization Engine TS7700 (CVE-2015-7848, CVE-2015-7855)
Summary There are multiple vulnerabilities in the Network Time Protocol NTP implementation embedded within the IBM Virtualization Engine TS7700. Vulnerability Details CVEID: CVE-2015-7848 DESCRIPTION: Network Time Protocol NTP is vulnerable to a denial of service, caused by an multiple integer...
CVE-2017-7855
IceWarp WebMail 11.3.1.5 is affected by a Cross-Site Scripting (XSS) vulnerability in the language parameter of the webmail component. The Nuclei template confirms the affected product/version and states that an attacker can execute arbitrary JavaScript in a victim’s browser, potentially stealing...
AIX NTP v4 Advisory : ntp_advisory4.asc (IV79954) (IV79954)
The remote AIX host has a version of Network Time Protocol NTP installed that is affected by the following vulnerabilities : - A divide-by-zero error exists in file include/ntp.h when handling LOGTOD and ULOGTOD macros in a crafted NTP packet. An unauthenticated, remote attacker can exploit this,...
AIX NTP v3 Advisory : ntp_advisory4.asc (IV79942) (IV79943) (IV79944) (IV79945) (IV79946)
The remote AIX host has a version of Network Time Protocol NTP installed that is affected by the following vulnerabilities : - A divide-by-zero error exists in file include/ntp.h when handling LOGTOD and ULOGTOD macros in a crafted NTP packet. An unauthenticated, remote attacker can exploit this,...
CVE-2015-7855
The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service assertion failure via a 6 or mode 7 packet containing a long data value...
CVE-2015-7855
CVE-2015-7855 affects ntpd in NTP 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77. The decodenetnum() function can assert-botch when processing mode 6 or mode 7 packets with an unusually long data value, enabling a remote attacker to cause ntpd to crash (denial of service). Public references indicat...
CVE-2017-6383
CVE-2017-6383 is a rejected candidate and does not represent an active vulnerability entry.
NTP 4.2.8p3 Denial Of Service
!/usr/bin/env python Exploit Title: ntpd 4.2.8p3 remote DoS Date: 2015-10-21 Bug Discovery: John D "Doug" Birdwell Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: http://support.ntp.org/bin/view/Main/NtpBug2922 Vendor Homepage: http://www.ntp.org/ Software Link:...
CVE-2016-7855
Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016...
CVE-2016-7855
Adobe Flash Player CVE-2016-7855 is a use-after-free vulnerability allowing remote code execution. It affects Flash Player on Windows, macOS, and Linux (versions prior to 23.0.0.205 for Windows/OS X and prior to 11.2.202.643 on Linux). Exploitation has been observed in the wild (October 2016). Af...
Microsoft Says Russian Hackers Using Unpatched Windows Bug Disclosed by Google
Google's Threat Analysis Group publically disclosed on Monday a critical zero-day vulnerability in most versions of Windows just 10 days after privately disclosed both zero days to Microsoft and Adobe. While Adobe rushed an emergency patch for its Flash Player software on October 26, Microsoft ha...
MGASA-2016-0360 Updated flash-player-plugin packages fix security vulnerability
This update fixes a use-after-free issue that can be triggered by attackers for arbitrary code execution, potentially allow the attacker to take control of the affected system CVE-2016-7855...
Updated flash-player-plugin packages fix security vulnerability
This update fixes a use-after-free issue that can be triggered by attackers for arbitrary code execution, potentially allow the attacker to take control of the affected system CVE-2016-7855...
CVE-2016-7855
Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016. Recent assessments: Assessed Attacker Value: 0 Assessed...