103 matches found
CVE-2018-0278
Affected product/area: Cisco Firepower System Software management console. Vulnerability summary: An information-disclosure vulnerability due to improper cross-origin protections for WebSocket in the management console could allow an unauthenticated, remote attacker to retrieve policy or configur...
CVE-2018-0278
A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. The vulnerability is due to improper cross-origin domain protections for the WebSocket protocol. An attacker could exploit this...
CVE-2017-17751
Bose SoundTouch devices allow remote attackers to achieve remote control via a crafted web site that uses the WebSocket Protocol...
Design/Logic Flaw
Bose SoundTouch devices allow remote attackers to achieve remote control via a crafted web site that uses the WebSocket Protocol...
CVE-2017-17751
Bose SoundTouch devices are affected by CVE-2017-17751. A remote attacker can gain remote control by luring the device to a crafted website using the WebSocket protocol. The vulnerability is documented across multiple sources (e.g., NVD/NVD CVSS 2.0/3.0: base scores 6.8 (MEDIUM) and 8.8 (HIGH) re...
CVE-2017-17751
Bose SoundTouch devices allow remote attackers to achieve remote control via a crafted web site that uses the WebSocket Protocol...
PT-2018-6564 · Bose · Bose Soundtouch
Name of the Vulnerable Software and Affected Versions: Bose SoundTouch, affected versions not specified. Description: The issue allows remote attackers to achieve remote control of Bose SoundTouch devices via a crafted web site that uses the WebSocket Protocol. Recommendations: At the moment, there...
Cesanta Mongoose Websocket Protocol Fragmented Packet Code Execution Vulnerability (CVE-2017-2922)
Summary: An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited...
CVE-2017-2922
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to...
CVE-2017-2921
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An...
DEBIAN-CVE-2017-2921
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An...
Memory corruption
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to...
Integer overflow
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An...
CVE-2017-2922
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to...
CVE-2017-2921
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An...
CVE-2017-2922
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to...
CVE-2017-2921
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An...
CVE-2017-2921
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An...
Cesanta Mongoose Remote Code Execution Vulnerability
Cesanta Mongoose is a set of embedded servers from the Irish company Cesanta. The WebSocket protocol is one of the WebSocket communication protocols. A remote code execution vulnerability exists in the Websocket protocol implementation in Cesanta Mongoose version 6.8. A remote attacker can exploit th...
Starscream 2.0.3 SSL Pinning Bypass Vulnerability
WebSocket.swift in Starscream versions 2.0.3 and below allows an SSL Pinning bypass because of incorrect management of the certValidated variable: it can be set to true but cannot be set to false. An attacker can achieve traffic interception from a man-in-the-middle position, first by resetting th...