5561 matches found
DEBIAN-CVE-2015-1779
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service memory and CPU consumption via a large 1 websocket payload or 2 HTTP headers section...
CVE-2015-1779
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service memory and CPU consumption via a large 1 websocket payload or 2 HTTP headers section...
CVE-2015-1779
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service memory and CPU consumption via a large 1 websocket payload or 2 HTTP headers section...
Design/Logic Flaw
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service memory and CPU consumption via a large 1 websocket payload or 2 HTTP headers section...
CVE-2015-1779
CVE-2015-1779 affects QEMU with the VNC websocket frame decoder. The issue allows a remote attacker to cause a denial of service by sending oversized websocket payloads or HTTP headers, exhausting CPU and memory. Impact is observed when an attacker accesses a guest’s VNC console over the network....
CVE-2015-1779
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service memory and CPU consumption via a large 1 websocket payload or 2 HTTP headers section...
CVE-2015-1779
The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service memory and CPU consumption via a large 1 websocket payload or 2 HTTP headers section...
Drupal Chat Room Module Information Disclosure Vulnerability
Drupal is a free and open source content management system developed in PHP. Chat Room is one of the modules used to set up the chat room feature on the Drupal website. Drupal Chat Room fails to properly check permissions when setting up websocket sockets for chat messages, which can be exploited...
CVE-2015-8601
CVE-2015-8601 affects the Drupal Chat Room module for Drupal 7.x (versions before 7.x-2.2). The vulnerability arises from insufficient permission checks when establishing a websocket for chat messages, enabling remote attackers to bypass access controls and read messages in arbitrary chat rooms v...
Chat Room - Moderately Critical - Access Bypass - SA-CONTRIB-2015-169
Chat Room enables site owners to integrate chats into nodes by adding the chat room field to them. The module relies on a websocket connection to send chat messages to the client. The module doesn't sufficiently validate access before setting up the websocket. As a result, users may receive...
RHEL 5 / 6 / 7 : thunderbird (RHSA-2015:2519)
The remote Redhat Enterprise Linux 5 / 6 / 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2015:2519 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. ...
Mozilla Thunderbird < 38.4 Multiple Vulnerabilities (Mac OS X)
The version of Thunderbird installed on the remote Mac OS X host is prior to 38.4. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these issues, vi...
Mozilla: Mixed content WebSocket policy bypass through workers (MFSA 2015-132)
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code...
Vulnerability of Firefox and Firefox ESR browsers, which allows attackers to circumvent existing access restrictions
The vulnerability of Firefox and Firefox ESR browsers is related to errors in the creation of WebSocket objects. Exploiting this vulnerability allows a malicious actor to bypass existing access restrictions using specially crafted JavaScript code...
wireshark: WebSocket DoS (wnpa-sec-2015-13)
epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service CPU consumption via a crafted packet...
openSUSE Security Update : MozillaFirefox / mozilla-nspr / mozilla-nss / etc (openSUSE-2015-718)
Mozilla Firefox was updated to version 42.0, fixing bugs and security issues. Mozilla xulrunner was updated to xulrunner 38.4.0. SeaMonkey was updated to 2.39. New features in Mozilla Firefox : - Private Browsing with Tracking Protection blocks certain Web elements that could be used to record yo...
Mozilla Firefox and Firefox mixed-content restriction bypass vulnerability
Mozilla Firefox is an open source web browser.Firefox ESR is an extended support version of Firefox. Mozilla Firefox incorrectly uses a web worker to create WebSocket objects, which allows remote attackers to bypass mixed-content restrictions and gain unauthorized access using specially crafted...
SUSE: Security Advisory for MozillaFirefox (SUSE-SU-2015:1926-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-7197
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code...
Code injection
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code...