5274 matches found
CVE-2018-11712
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections...
Fast8690-exploit
Sagemcom Fast 3890 exploit This exploit uses the Cable Haunt...
Ansible Tower 3.5.x < 3.5.4 / 3.6.x < 3.6.2 Multiple Vulnerabilities
The version of Ansible Tower running on the remote web server is 3.5.x prior to 3.5.4 or 3.6.x prior to 3.6.2. It is, therefore, affected by multiple vulnerabilities. - An information disclosure vulnerability exists in the Sumologic and Splunk callback plugins due to Ansible not respecting the...
CVE-2019-19342
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500 and partial password disclose wi...
Default credentials
A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500 and partial password disclose wi...
CVE-2019-19342
CVE-2019-19342 affects Red Hat Ansible Tower 3.6.x before 3.6.2 and 3.5.x before 3.5.4. When a request to /websocket includes a password containing the character ‘#’, the parsing in RabbitMQ can trigger a socket error and return HTTP 500 with partial plaintext password disclosure. This enables br...
Red Hat JBoss Enterprise Application Platform 6.x < 6.4.22 Multiple Vulnerabilities
The version of Red Hat JBoss Enterprise Application Platform EAP installed on the remote host is 6.x prior to 6.4.22. It is, therefore, affected by multiple vulnerabilities as referenced in the RHSA-2019:1162 advisory: - admin-cli: wildfly-core: Cross-site scripting XSS in JBoss Management Console...
EulerOS 2.0 SP3 : tomcat (EulerOS-SA-2019-2675)
According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to...
chromium-browser: Insufficient policy enforcement in WebSockets
Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
Unspecified vulnerability in Ansible Tower (CNVD-2019-46771)
Ansible is a computer system configuration manager from the American company Ansible. The product can be used to publish, manage, and orchestrate computer systems. Ansible Tower is one of the task control applications that provides a user interface UI, dashboard, and REST API. Ansible Tower has an...
CVE-2019-13727
Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2019-2361)
According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The URL pattern of '' the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5....
The vulnerability in the io/channel-websock.c component of the QEMU hardware emulation software allows a hacker to induce a system failure.
The vulnerability of the io/channel-websock.c component of the QEMU hardware emulation software is related to a memory leak. Exploiting this vulnerability can allow an attacker to cause a service failure...
Rocket.Chat: Account takeover via XSS
Summary: By combining AutoLinker and Markdown an attacker is able to inject malicious scripts. Description: By combining AutoLinker and Markdown we can trick the parser into breaking out of the current HTML attribute. https://a?p= results in: html ." target="blank" rel="noopener noreferrer" "...
CVE-2017-2670
It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS...
SUSE-SU-2019:2521-1 Security update for SUSE Manager Server 3.2
This update fixes the following issues: cobbler: - Jinja2 template library fix bsc1141661 pgjdbc-ng: - Allow dots in database name bsc1146416 py26-compat-salt: - Get tornado dependency from the system on SLE12 bsc1149409 - Catch SSLError for TLS 1.2 bootstraps with RES/RHEL6 and SLE11 bsc1147126...
The vulnerability of the WebSocket component in Firefox browsers, which allows attackers to disclose protected information
The vulnerability of the WebSocket component in Firefox arises from reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information that is protected by this mechanism...
EulerOS 2.0 SP5 : tomcat (EulerOS-SA-2019-1992)
According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The URL pattern of '' the empty string which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5....
CVE-2019-5531
VMware vSphere ESXi 6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG and VMware vCenter Server 6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j contain an information disclosure vulnerability in clients arising from...