Lucene search
K

5561 matches found

OSV
OSV
added 2016/01/12 7:59 p.m.3 views

DEBIAN-CVE-2015-1779

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service memory and CPU consumption via a large 1 websocket payload or 2 HTTP headers section...

8.6CVSS7.6AI score0.07393EPSS
Exploits0References1
OSV
OSV
added 2016/01/12 7:59 p.m.11 views

CVE-2015-1779

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service memory and CPU consumption via a large 1 websocket payload or 2 HTTP headers section...

8.6CVSS8AI score0.07393EPSS
Exploits0References24
NVD
NVD
added 2016/01/12 7:59 p.m.21 views

CVE-2015-1779

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service memory and CPU consumption via a large 1 websocket payload or 2 HTTP headers section...

8.6CVSS8.4AI score0.07393EPSS
Exploits0References17
Prion
Prion
added 2016/01/12 7:59 p.m.38 views

Design/Logic Flaw

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service memory and CPU consumption via a large 1 websocket payload or 2 HTTP headers section...

7.8CVSS6.7AI score0.07393EPSS
Exploits0References17Affected Software11
CVE
CVE
added 2016/01/12 7:0 p.m.141 views

CVE-2015-1779

CVE-2015-1779 affects QEMU with the VNC websocket frame decoder. The issue allows a remote attacker to cause a denial of service by sending oversized websocket payloads or HTTP headers, exhausting CPU and memory. Impact is observed when an attacker accesses a guest’s VNC console over the network....

8.6CVSS7.9AI score0.07393EPSS
Exploits0References17Affected Software1
Cvelist
Cvelist
added 2016/01/12 7:0 p.m.18 views

CVE-2015-1779

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service memory and CPU consumption via a large 1 websocket payload or 2 HTTP headers section...

8.1AI score0.07393EPSS
Exploits0References17
Debian CVE
Debian CVE
added 2016/01/12 7:0 p.m.32 views

CVE-2015-1779

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service memory and CPU consumption via a large 1 websocket payload or 2 HTTP headers section...

8.6CVSS7.8AI score0.07393EPSS
Exploits0
CNVD
CNVD
added 2015/12/20 12:0 a.m.4 views

Drupal Chat Room Module Information Disclosure Vulnerability

Drupal is a free and open source content management system developed in PHP. Chat Room is one of the modules used to set up the chat room feature on the Drupal website. Drupal Chat Room fails to properly check permissions when setting up websocket sockets for chat messages, which can be exploited...

5CVSS7AI score0.01233EPSS
Exploits0References1
CVE
CVE
added 2015/12/17 7:0 p.m.37 views

CVE-2015-8601

CVE-2015-8601 affects the Drupal Chat Room module for Drupal 7.x (versions before 7.x-2.2). The vulnerability arises from insufficient permission checks when establishing a websocket for chat messages, enabling remote attackers to bypass access controls and read messages in arbitrary chat rooms v...

5CVSS7AI score0.01233EPSS
Exploits0References2Affected Software1
Drupal
Drupal
added 2015/12/02 12:0 a.m.28 views

Chat Room - Moderately Critical - Access Bypass - SA-CONTRIB-2015-169

Chat Room enables site owners to integrate chats into nodes by adding the chat room field to them. The module relies on a websocket connection to send chat messages to the client. The module doesn't sufficiently validate access before setting up the websocket. As a result, users may receive...

5CVSS6.3AI score0.01233EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2015/11/30 12:0 a.m.28 views

RHEL 5 / 6 / 7 : thunderbird (RHSA-2015:2519)

The remote Redhat Enterprise Linux 5 / 6 / 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2015:2519 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. ...

7.5CVSS8.7AI score0.04219EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2015/11/30 12:0 a.m.38 views

Mozilla Thunderbird < 38.4 Multiple Vulnerabilities (Mac OS X)

The version of Thunderbird installed on the remote Mac OS X host is prior to 38.4. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these issues, vi...

9.8CVSS8.4AI score0.10238EPSS
Exploits0References22
RedHat Linux
RedHat Linux
added 2015/11/26 1:41 p.m.3 views

Mozilla: Mixed content WebSocket policy bypass through workers (MFSA 2015-132)

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code...

5CVSS7.4AI score0.02535EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2015/11/20 12:0 a.m.6 views

Vulnerability of Firefox and Firefox ESR browsers, which allows attackers to circumvent existing access restrictions

The vulnerability of Firefox and Firefox ESR browsers is related to errors in the creation of WebSocket objects. Exploiting this vulnerability allows a malicious actor to bypass existing access restrictions using specially crafted JavaScript code...

5CVSS7.7AI score0.02535EPSS
Exploits0References3Affected Software2
RedHat Linux
RedHat Linux
added 2015/11/19 6:3 a.m.6 views

wireshark: WebSocket DoS (wnpa-sec-2015-13)

epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service CPU consumption via a crafted packet...

7.8CVSS5.9AI score0.03443EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2015/11/10 12:0 a.m.40 views

openSUSE Security Update : MozillaFirefox / mozilla-nspr / mozilla-nss / etc (openSUSE-2015-718)

Mozilla Firefox was updated to version 42.0, fixing bugs and security issues. Mozilla xulrunner was updated to xulrunner 38.4.0. SeaMonkey was updated to 2.39. New features in Mozilla Firefox : - Private Browsing with Tracking Protection blocks certain Web elements that could be used to record yo...

9.8CVSS7.8AI score0.10238EPSS
Exploits0References24
CNVD
CNVD
added 2015/11/07 12:0 a.m.2 views

Mozilla Firefox and Firefox mixed-content restriction bypass vulnerability

Mozilla Firefox is an open source web browser.Firefox ESR is an extended support version of Firefox. Mozilla Firefox incorrectly uses a web worker to create WebSocket objects, which allows remote attackers to bypass mixed-content restrictions and gain unauthorized access using specially crafted...

5CVSS9AI score0.02535EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2015/11/07 12:0 a.m.29 views

SUSE: Security Advisory for MozillaFirefox (SUSE-SU-2015:1926-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.6AI score
Exploits0References1
NVD
NVD
added 2015/11/05 5:59 a.m.16 views

CVE-2015-7197

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code...

5CVSS9.3AI score0.02535EPSS
Exploits0References20
Prion
Prion
added 2015/11/05 5:59 a.m.23 views

Code injection

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code...

5CVSS6.9AI score0.02535EPSS
Exploits0References20Affected Software2
Rows per page
Query Builder