9454 matches found

Veracode
added 2019/08/15 12:8 a.m. | 28 views

Denial of Service (DoS)

mysql is vulnerable to denial of service. An easily exploitable vulnerability allows a high privileged attacker to crash the server...

CVSS 4.9 | AI score 3.9 | EPSS 0.00389
Exploits: 0 | References: 6 | Affected Software: 1

Veracode
added 2019/08/15 12:8 a.m. | 29 views

Denial of Service (DoS)

mysql is vulnerable to denial of service. An easily exploitable vulnerability allows a high privileged attacker to crash the server...

CVSS 4.9 | AI score 3.9 | EPSS 0.00541
Exploits: 0 | References: 7 | Affected Software: 1

Veracode
added 2019/08/15 12:8 a.m. | 24 views

Denial of Service (DoS)

mysql is vulnerable to denial of service. An easily exploitable vulnerability allows a high privileged attacker to crash the server...

CVSS 4.9 | AI score 3.9 | EPSS 0.00541
Exploits: 0 | References: 7 | Affected Software: 1

ICS
added 2019/08/15 12:0 a.m. | 62 views

Johnson Controls Metasys

1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Johnson Controls Equipment: Metasys Vulnerabilities: Reusing a Nonce, Key Pair in Encryption; Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of these vulnerabilities could be leveraged by an...

CVSS 9.1 | AI score 8.7 | EPSS 0.00111
Exploits: 0 | References: 5

ICS
added 2019/08/13 12:0 a.m. | 65 views

OSIsoft PI Web API

1. EXECUTIVE SUMMARY CVSS v3 8.5 ATTENTION: Exploitable remotely Vendor: OSIsoft LLC Equipment: OSIsoft PI Web API Vulnerabilities: Inclusion of Sensitive Information in Log Files, Protection Mechanism Failure 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow direct...

CVSS 8.8 | AI score 8.1 | EPSS 0.00222
Exploits: 0 | References: 5

Kaspersky
added 2019/08/13 12:0 a.m. | 28 views

KLA11532 A PE vulnerability in Microsoft Dynamics 365 On-Premise v9

An elevation of privilege vulnerability in Dynamics On-Premise can be exploited remotely via specially crafted XAML script to gain privileges. Original advisories CVE-2019-1229 Related products Microsoft-Dynamics-365 CVE list CVE-2019-1229 high KB list 4508724 Solution Install necessary updates...

CVSS 8.8 | AI score 9 | EPSS 0.09431
Exploits: 0 | References: 4

ICS
added 2019/08/13 12:0 a.m. | 49 views

Siemens SCALANCE Products (Update A)

1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SCALANCE Products Vulnerabilities: Improper Adherence to Coding Standards 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...

CVSS 6.6 | AI score 7.6 | EPSS 0.00476
Exploits: 0 | References: 9

Talos
added 2019/08/13 12:0 a.m. | 47 views

Schneider Electric Modicon M580 UMAS Function Code 0x29 Denial of Service Vulnerability

Summary An exploitable denial of service vulnerability exists in the UMAS function code 0x29 functionality of the Schneider Electric Modicon M580 Programmable Automation Controller firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault stat...

CVSS 7.8 | AI score 7.8 | EPSS 0.00529
Exploits: 1

Tenable Nessus
added 2019/08/12 12:0 a.m. | 44 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0064)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the...

CVSS 9.8 | AI score 8.8 | EPSS 0.80195
Exploits: 24 | References: 11

Tenable Nessus
added 2019/08/12 12:0 a.m. | 34 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0052)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - libical 1.0 allows remote attackers to cause a denial of service use-after-free via a crafted ics file. CVE-2016-5824 - A use-after-free...

CVSS 10 | AI score 8 | EPSS 0.35406
Exploits: 1 | References: 11

Tenable Nessus
added 2019/08/12 12:0 a.m. | 30 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0161)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed paren...

CVSS 10 | AI score 8.5 | EPSS 0.84291
Exploits: 14 | References: 3

Tenable Nessus
added 2019/08/12 12:0 a.m. | 225 views

NewStart CGSL MAIN 4.05 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0137)

The remote NewStart CGSL host, running version MAIN 4.05, has java-1.8.0-openjdk packages installed that are affected by multiple vulnerabilities: - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a...

CVSS 8.3 | AI score 7.2 | EPSS 0.44097
Exploits: 2 | References: 13

Tenable Nessus
added 2019/08/12 12:0 a.m. | 27 views

NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0110)

The remote NewStart CGSL host, running version MAIN 4.05, has thunderbird packages installed that are affected by multiple vulnerabilities: - A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox E...

CVSS 10 | AI score 8 | EPSS 0.26462
Exploits: 43 | References: 57

Tenable Nessus
added 2019/08/12 12:0 a.m. | 21 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : mariadb Multiple Vulnerabilities (NS-SA-2019-0034)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has mariadb packages installed that are affected by multiple vulnerabilities: - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client mysqldump. Supported versions that are affected are 5.5.56 and...

CVSS 7.7 | AI score 5.9 | EPSS 0.01074
Exploits: 0 | References: 24

Openbugbounty
added 2019/08/11 10:35 a.m. | 7 views

tappymenu.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-931708 Security Researcher g0bl1nsec Helped patch 3766 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting tappymenu.com website and...

Exploits: 0

Cvelist
added 2019/08/07 4:28 p.m. | 16 views

CVE-2019-11653

Remote Access Control Bypass in Micro Focus Content Manager, versions 9.1, 9.2, 9.3. The vulnerability could be exploited to manipulate data stored during another user’s CheckIn request...

AI score 5.5 | EPSS 0.00125
Exploits: 0 | References: 2

0day.today
added 2019/08/05 12:0 a.m. | 64 views

Apache Tika 1.15 - 1.17 - Header Command Injection Exploit

This Metasploit module exploits a command injection vulnerability in Apache Tika versions 1.15 through 1.17 on Windows. A file with the image/jp2 content-type is used to bypass magic byte checking. When OCR is specified in the request, parameters can be passed to change the parameters passed at...

CVSS 9.3 | AI score 8.5 | EPSS 0.93876
Exploits: 10

Talos
added 2019/08/05 12:0 a.m. | 97 views

NVIDIA NVWGF2UMX_CFG.DLL Shader functionality DCL_INDEXABLETEMP code execution vulnerability

Summary An exploitable memory corruption vulnerability exists in NVIDIA NVWGF2UMXCFG driver, versions 25.21.14.2531 and 425.31. A specially crafted pixel shader can cause an untrusted pointer dereference. An attacker can provide a specially crafted shader file to trigger this vulnerability. This...

AI score 7.2
Exploits: 0

NVD
added 2019/07/31 5:15 p.m. | 16 views

CVE-2019-5020

An exploitable denial of service vulnerability exists in the object lookup functionality of Yara 3.8.1. A specially crafted binary file can cause a negative value to be read to satisfy an assert, resulting in Denial of Service. An attacker can create a malicious binary to trigger this vulnerabili...

CVSS 6.5 | AI score 5.4 | EPSS 0.00286
Exploits: 1 | References: 1

OSV
added 2019/07/31 5:15 p.m. | 15 views

CVE-2019-5020

An exploitable denial of service vulnerability exists in the object lookup functionality of Yara 3.8.1. A specially crafted binary file can cause a negative value to be read to satisfy an assert, resulting in Denial of Service. An attacker can create a malicious binary to trigger this vulnerabili...

CVSS 5.5 | AI score 6.6
Exploits: 0 | References: 1