CVE-2018-6097

Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page...

Design/Logic Flaw

An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page...

UBUNTU-CVE-2018-6097

Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page...

UBUNTU-CVE-2018-6106

An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page...

CVE-2018-6097

Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page...

CVE-2018-6106

An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page...

CVE-2018-6106

CVE-2018-6106 affects the Chromium/Google Chrome stack (Chromium project) and is tied to the V8 JavaScript engine. The issue arises with an asynchronous generator that may return an incorrect state, allowing a remote attacker to potentially exploit object corruption via a crafted HTML page. Publi...

CVE-2018-6106

Removed by vendor...

Celerystalk - An Asynchronous Enumeration and Vulnerability Scanner

celerystalk helps you automate your network scanning/enumeration process with asynchronous jobs aka tasks while retaining full control of which tools you want to run. Configurable - Some common tools are in the default config, but you can add any tool you want Service Aware - Uses nmap/nessus...

Description of the security update for SharePoint Foundation 2010: December 11, 2018

Description of the security update for SharePoint Foundation 2010: December 11, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...

Remote Code Execution (RCE)

Microsoft ChakraCore is vulnerable to remote code execution. This is due a use-after-free UAF bug in Parse.cpp when an asynchronous arrow functions are used, which would allow a remote attacker to leave a bogus reference to the async identifier and execute arbitrary code in the context of the...

Kernel update: Virtuozzo ReadyKernel patch 67.0 for Virtuozzo 7.0.4 HF3 to 7.0.7 HF3

The cumulative Virtuozzo ReadyKernel patch was updated with stability fixes. The patch applies to Virtuozzo kernels 3.10.0-514.16.1.vz7.30.15 7.0.4 HF3 to 3.10.0-693.21.1.vz7.48.2 7.0.7 HF3. Vulnerability id: PSBM-90024 It was discovered that a special sequence of operations involving NFS server ...

Asynchronous Target Enumeration Tool: bscan

bscan is a command-line utility to perform active information gathering and service enumeration. At its core, bscan asynchronously spawns processes of well-known scanning utilities, repurposing scan results into highlighted console output and a well-defined directory structure. bscan was written ...

F5 Networks BIG-IP : iControl REST vulnerability (K24465120)

Race conditions in iControl REST may lead to commands executed with different privilege levels than expected. CVE-2017-6167 Impact Sending asynchronous tasks usingthe iControl REST API may be processed as the wrong user and resultin an error. C Tenable Network Security, Inc. The descriptive text...

kernel: AIO write triggers integer overflow in some protocols

Integer overflow in the aiosetupsinglevector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression...

au.com.govlawtech:dvasopapi-client (=1.3.1), by.exonit.redmine.client:client-play-ws_2.11 (=4.0.0-RC2) +342 more potentially affected by CVE-2017-14063 via org.asynchttpclient:async-http-client (>=2.0.0-RC1 <=2.0.34)

org.asynchttpclient:async-http-client MAVEN version =2.0.0-RC1, =1.0, =1.23.0, =1.23.0, =1.2.2, =0.5.4, =0.9.1, =0.0.1, =0.1.13, =1.0, =2.7.0 and more Source cves: CVE-2017-14063 Source advisory: OSV:GHSA-93JQ-624G-4P9P...

async-http-client: Invalid URL parsing with '?'

Async Http Client aka async-http-client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL CVE-2016-8624 and Oracle Java 8 java.net.URL...

tecrail Responsive FileManager Path Traversal Vulnerability

tecrail Responsive FileManager is an open source file manager written in PHP by the Italian company tecrail that supports the uploading and management of videos, images and other files. A directory traversal vulnerability exists in the /filemanager/ajaxcalls.php file in versions of tecrail...

CVE-2018-12587

A cross-site scripting XSS vulnerability was found in valeuraddons German Spelling Dictionary v1.3 an Opera Browser add-on. Instead of providing text for a spelling check, remote attackers may inject arbitrary web script or HTML via the ajax query parameter in the URL Address Bar...

Reconnaissance and Vulnerability Scanning Tool: Raccoon

Raccoon is a tool made for reconnaissance and information gathering with an emphasis on simplicity. It will do everything from fetching DNS records, retrieving WHOIS information, obtaining TLS data, detecting WAF presence and up to threaded dir busting and subdomain enumeration. Every scan output...