RHEL 7 : xmlrpc (RHSA-2018:2317)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2317 advisory. XML-RPC is a way to make remote procedure calls over the Internet. It converts procedure calls into XML documents, sends them to a remote server usin...

UBUNTU-CVE-2018-14369

In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression...

Security Bulletin: Denial of service for accessing data using HTTP protocol on IBM Storwize V7000 Unified (CVE-2007-6750)

Summary A fix is available for IBM Storwize V7000 Unified, for the security issue of Denial of service for accessing data using HTTP protocol. Vulnerability Details CVEID: CVE-2007-6750 DESCRIPTION: IBM Storwize V7000 Unified supports data access using HTTP protocol. Apache HTTP Server is...

Security Bulletin: Denial of service for accessing data using HTTP protocol on IBM SONAS (CVE-2007-6750)

Summary A fix is available for IBM SONAS, for the security issue of Denial of service for accessing data using HTTP protocol. Vulnerability Details CVEID: CVE-2007-6750 DESCRIPTION: SONAS supports data access using HTTP protocol. Apache HTTP Server is vulnerable to a denial of service. By sending...

js-given code execution vulnerability

js-given is a developer-oriented , BDD for JavaScript Behavior Driven Development, Behavior Driven Development tools . A security vulnerability exists in js-given that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability ...

prebuild-lwip Remote Code Execution Vulnerability

prebuild-lwip is a lightweight image processor based on NodeJS. A security vulnerability exists in prebuild-lwip that originates when the program downloads binary resources over the HTTP protocol. An attacker can use this vulnerability to modify or read the downloaded resources and potentially...

CVE-2018-8231

A remote code execution vulnerability exists when HTTP Protocol Stack Http.sys improperly handles objects in memory, aka "HTTP Protocol Stack Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...

Remote code execution

A remote code execution vulnerability exists when HTTP Protocol Stack Http.sys improperly handles objects in memory, aka "HTTP Protocol Stack Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...

CVE-2018-8231

A remote code execution vulnerability exists when HTTP Protocol Stack Http.sys improperly handles objects in memory, aka "HTTP Protocol Stack Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...

CVE-2018-8231

CVE-2018-8231 is a remote code execution vulnerability in Microsoft Windows HTTP.sys. The flaw occurs when Http.sys improperly handles objects in memory, allowing an attacker to gain control of the affected system by sending specially crafted requests. Affected products include Windows Server 201...

UBUNTU-CVE-2018-7161

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service DoS by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug wher...

June Patch Tuesday – New Speculative Store Bypass Fixes, Adobe Vulns

June's Patch Tuesday is lighter weight compared to previous months. In all, 51 unique CVEs are addressed, with 11 CVEs marked as Critical. Adobe also released an out-of-band update for a Flash Player vulnerability last week, which is being actively exploited. Speculative Store Bypass Microsoft...

Microsoft June 2018 Patch Tuesday Pushes 11 Critical Security Updates

It's time to gear up for the latest June 2018 Microsoft security patch updates. Microsoft today released security patch updates for more than 50 vulnerabilities, affecting Windows, Internet Explorer, Edge, MS Office, MS Office Exchange Server, ChakraCore, and Adobe Flash Player—11 of which are...

HTTP Protocol Stack Remote Code Execution Vulnerability

A remote code execution vulnerability exists when HTTP Protocol Stack Http.sys improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of the affected system. To exploit the vulnerability, in most situations, an...

KB4284874: Windows 10 Version 1703 June 2018 Security Update

The remote Windows host is missing security update 4284874. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists when the Human Interface Device HID Parser Library driver improperly handles objects in memory. An attacker who successfully...

KLA11266 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, bypass security restrictions, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. An elevation...

olivibra.ru XSS vulnerability

Open Bug Bounty ID: OBB-630251 Description| Value ---|--- Affected Website:| olivibra.ru Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

CVE-2016-10685

pk-app-wonderbox is an integration with wonderbox pk-app-wonderbox downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on...

CVE-2016-10606

grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in grunt grunt-webdriver-qunit downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controll...

CVE-2016-10602

haxe is a cross-platform toolkit haxe downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned...