Ticket | Info |
---|---|
DE10531 | In the "DASH Streaming over TLS" Super Flow, the TLS minimum version was changed to TLS v1.2 and the cipher suite was changed to ALL. |

Name | Category | Info |
---|---|---|
Amazon Video DASH | Voice/Video/Media | This Super Flow simulates an Amazon Prime Video streaming flow using the Dynamic Adaptive Streaming over HTTP (ISO/IEC 23009-1:2014 MPEG-DASH) protocol. The audio and video streams are broken into 10 segments that are delivered separately through HTTP partial requests/responses. The video stream consists of two video tracks representing the same content at different resolutions. Random segment selection is performed during Super Flow initialization to simulate the link-adaptation mechanism in MPEG-DASH. |

CVSS | ID | References | Category | Info |
---|---|---|---|---|
9.3 | E19-7o911 | CVE-2019-11581 CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C) | Exploits | This strike exploits a remote code execution in the JIRA Template. The vulnerability is due to improper sanitization of user input which is passed to the application via the ContactAdministrators and SendBulkMail actions. A remote authorized attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation results in remote code execution on the target server. |
9.0 | E19-7qoz1 | CVE-2019-15107 CVSS-9.0 (AV:N/AC:L/AU:N/C:P/I:P/A:C) EXPLOITDB-47293 URL | Exploits | An OS command injection vulnerability exists in Webmin 1.920 and prior versions. The flaw exists in the password change functionality and is reachable via the '/password_change.cgi' endpoint. By exploiting this vulnerability, a remote unauthenticated attacker may execute arbitrary OS commands on the target system. |
9.0 | E19-7o912 | CVE-2019-11941 CVSS-9.0 (AV:N/AC:L/AU:S/C:C/I:C/A:C) | Exploits | This strike exploits a remote code execution in the HPE Intelligent Management. The vulnerability is due to improper sanitization of user input "beanName" which is passed to the application via the IccSelectDevTypeBean class. A remote authorized attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation results in remote code execution on the target server with SYSTEM privilege. |
7.6 | D19-0xek1 | CVE-2019-8684 CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C) GOOGLE-1850 | Denial | This strike exploits a vulnerability in Apple Safari WebKit. It is possible for an attacker to construct JavaScript in such a way that when the emitEqualityOpImpl method is called, it will incorrectly replace the typeof instruction with the is_cell_with_type instruction. This can cause a denial of service condition in the browser or potentially allow for remote code execution to occur. |
7.5 | D19-7ohr1 | CVE-2019-12255 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) EXPLOITDB-47233 URL | Denial | An integer underflow vulnerability exists in the VxWorks 6.8 TCP stack. This strike simulates a denial of service attack by setting the URGENT TCP pointer to 0 (zero) when communicating with any network service. By exploiting this flaw, a remote attacker can cause denial of service by crashing the target network stack. |
5.0 | E19-5k771 | BID-108693 CVE-2018-13379 CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N) EXPLOITDB-47288 | Exploits | This strike replicates a directory traversal attack on Fortinet FortiOS. The vulnerability resides in the '/remote/fgt_lang' endpoint and affects product versions 5.6.3 to 5.6.7 and 6.0.0 to 6.0.4. By exploiting this flaw, a remote unauthenticated attacker may take over the device and perform attacks such as DNS hijacks. |
4.0 | D19-0xe83 | CVE-2019-8672 CVSS-4.0 (AV:L/AC:M/AU:N/C:P/I:P/A:P) GOOGLE-1825 | Denial | This strike exploits a vulnerability in Apple Safari WebKit. Specifically, a JSValue ValueProfile can point to a previously freed chunk of memory, which will have its JSCell header overwritten. When this is accessed out of bounds, a crash will occur. An attacker can craft JavaScript in a manner that causes memory corruption, resulting in a denial of service in the browser and potentially leading to remote code execution. |