Ixia ATI Update 2017-04 (299376)

Defects Resolved

Ticket: DE7363
Info: The "SSL HTTPS 1.0" Super Flow has been updated such that the client initiates the TLS Close Notify sequence.

Ticket: DE7365 (1431906)
Info: The "H.248 Analog Call" and "H.248 Analog Call (Delayed)" Super Flows have been updated such that RTP application transactions are now reported.

New Protocols & Applications (1)

Name: Manufacturing Message Specification
Category: SCADA
Info: This protocol implements the IEC61850 Manufacturing Message Specification ISO9506 (MMS).

New Super Flows (2)

Name: Emulate Speedtest.net
Category: Testing and Measurement
Info: Emulate www.speedtest.net for testing network upload and download speed. There are 8 flows for the download speed test and 10 flows for the upload speed test.

Name: Manufacturing Message Specification (MMS)
Category: SCADA
Info: This traffic emulates a Confirmed Request message.

New Strikes (9)

CVSS: 9.3
ID: E17-5ae01
References: APSB-17-01, BID-95344, CVE-2017-2966, CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C), ZDI-17-030
Category: Exploits
Info: This strike exploits a heap overflow vulnerability in Adobe Acrobat Reader ImageConversion. In TIFF IFD entries with certain tags, Type 0x0002 (ASCII), and a Count value of 0xFFFFFFFF, no heap allocation is made; however, a heap write still occurs, leading to a heap buffer overflow. Successful exploitation may result in execution of arbitrary code with user privileges. Failure to exploit will not typically result in a crash.

CVSS: 9.3
ID: E16-6ni01
References: BID-93057, CVE-2016-4734, CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C), GOOGLE-862, GOOGLE-863
Category: Exploits
Info: This strike exploits a vulnerability in WebKit. The copyWithin and fill methods both allow very large values to be written to an absolute pointer within a specified range. An attacker can craft JavaScript in a way that will corrupt memory and may allow remote code execution.

CVSS: 7.6
ID: E16-8k301
References: BID-94039, CVE-2016-7203, CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C), GOOGLE-934, MS16-129
Category: Exploits
Info: This strike exploits a vulnerability in Microsoft Edge. Specifically, an array whose boundaries cause integer overflows can be spliced. When this happens, a heap overflow occurs, which can cause a denial of service in the browser and potentially lead to remote code execution.

CVSS: 7.5
ID: E17-0fad1
References: BID-95852, CVE-2017-5205, CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P), URL
Category: Exploits
Info: This strike exploits a buffer overflow vulnerability in the ISAKMP parser of tcpdump. The vulnerability is due to insufficient sanitization of user-controllable input within print-isakmp.c:ikev2_e_print(). By sending a specially crafted packet, an attacker could execute code on systems using the vulnerable program.

CVSS: 7.5
ID: E16-9zi01
References: BID-95421, CVE-2016-9054, CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
Category: Exploits
Info: This strike exploits a buffer overflow vulnerability in Aerospike Database server. The vulnerability is due to improper checks of a user-supplied set name variable in the as_sindex__simatch_list_by_set_binid() function. A message with overly long data in the set field will overflow a stack buffer, which can result in remote code execution.

CVSS: 7.1
ID: E17-5vm01
References: BID-95812, CVE-2017-3730, CVSS-7.1 (AV:N/AC:M/AU:N/C:N/I:N/A:C), URL
Category: Exploits
Info: This strike exploits a NULL pointer dereference vulnerability in OpenSSL. A specially crafted Server Key Exchange containing a DHE non-prime N may result in triggering the vulnerability. Successful exploitation may result in a denial-of-service condition on the OpenSSL client side.

CVSS: 6.8
ID: E16-3yo01
References: BID-94478, CVE-2016-1248, CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P), SECURITYTRACKER-1037338, URL
Category: Exploits
Info: This strike exploits a remote command execution vulnerability in Vim. The vulnerability is due to insufficient validation of some modeline values. Successful exploitation can result in command execution by enticing a user to open a malicious file in Vim.

CVSS: 6.5
ID: E16-7u201
References: CVE-2016-6266, CVSS-6.5 (AV:N/AC:L/AU:S/C:P/I:P/A:P), URL
Category: Exploits
Info: This strike exploits a command execution vulnerability in Trend Micro Smart Protection Server. The vulnerability is due to improper checks of the host, apikey, and enable HTTP parameters. Successful exploitation can result in command execution.

CVSS: 5.0
ID: E17-09vz1
References: CVE-2016-8207, CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N), URL, ZDI-17-052
Category: Exploits
Info: This strike exploits a directory-traversal vulnerability in Brocade Network Advisor. The vulnerability is due to a lack of input validation on the FILENAME parameter. A remote attacker could exploit this vulnerability to read arbitrary files from the targeted system.