
3831 matches found

Prion
added 2018/08/29 8:29 p.m. | 12 views

Input validation

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product all references, all versions prior to firmware V1.6.2.0. The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programming protocol frames...

7.8 CVSS | 7.3 AI score | 0.00792 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2018/08/29 8:29 p.m. | 1 view

CVE-2018-7789

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product all references, all versions prior to firmware V1.6.2.0. The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programming protocol frames...

7.5 CVSS | 5.8 AI score | 0.00792 EPSS
Exploits: 1 | References: 3

Vulnrichment
added 2018/08/29 8:0 p.m. | 4 views

CVE-2018-7789

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product all references, all versions prior to firmware V1.6.2.0. The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programming protocol frames...

7.1 AI score | 0.00792 EPSS
Exploits: 1 | References: 3

Tenable Nessus
added 2018/08/23 12:0 a.m. | 20 views

Google Chrome < 67.0.3396.62 Multiple Vulnerabilities

Binary data 700358.pasl...

8.8 CVSS | 7.3 AI score | 0.01313 EPSS
Exploits: 0 | References: 2

n0where
added 2018/08/22 6:21 p.m. | 33 views

Covert Backdoor Transmission Method: GhostTunnel

GhostTunnel is a covert backdoor transmission method that can be used in an isolated environment. It can attack the target through the HID device only to release the payload agent, then the HID device can be removed after the payload is released. GhostTunnel uses 802.11 Probe Request Frames and...

1 AI score
Exploits: 0 | References: 1

RedhatCVE
added 2018/07/25 6:50 a.m. | 25 views

CVE-2018-6155

Incorrect handling of frames in the VP8 parser in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

8.8 CVSS | 5.1 AI score | 0.00234 EPSS
Exploits: 0 | References: 2

Apache Httpd
added 2018/07/18 12:0 a.m. | 47 views

Apache Httpd < 2.4.35 : DoS for HTTP/2 connections by continuous SETTINGS

By sending continuous SETTINGS frames of maximum size an ongoing HTTP/2 connection could be kept busy and would never time out. This can be abused for a DoS on the server. This only affects a server that has enabled the h2 protocol...

5.9 CVSS | 0.6 AI score | 0.22356 EPSS
Exploits: 0 | Affected Software: 1

Prion
added 2018/07/13 9:29 p.m. | 12 views

Information disclosure

The Fibre Channel over Ethernet (FCoE) feature in IBM System Networking and Blade Network Technology (BNT) switches running IBM Networking Operating System (aka NOS, formerly BLADE Operating System) floods data frames with unknown MAC addresses out on all interfaces on the same VLAN, which might allow...

2.9 CVSS | 6.2 AI score | 0.00166 EPSS
Exploits: 0 | References: 2

Veracode
added 2018/06/27 5:1 a.m. | 16 views

Denial Of Service (DoS)

websockets is vulnerable to denial of service attacks. The application does not properly enforce a size limit when decompressing frames, allowing a malicious user to pass a zip bomb to the application to consume memory and crash it...

7.5 CVSS | 7.1 AI score | 0.00168 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Positive Technologies
added 2018/06/26 12:0 a.m. | 3 views

PT-2018-9415 · Aaugustin +1 · Uwebsockets +1

Name of the Vulnerable Software and Affected Versions: aaugustin websockets versions 4.0 through 4.0. Description: The issue is related to improper handling of highly compressed data, which can result in Denial of Service by memory exhaustion. This can be exploited by sending a specially crafted...

9.1 CVSS | 6.3 AI score | 0.01575 EPSS
Exploits: 3 | References: 74

Prion
added 2018/06/22 12:29 p.m. | 19 views

Stack overflow

An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg,...

4.3 CVSS | 6.2 AI score | 0.00716 EPSS
Exploits: 1 | References: 7 | Affected Software: 1

UbuntuCve
added 2018/06/22 12:29 p.m. | 21 views

CVE-2018-12641

An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg,...

5.5 CVSS | 7 AI score | 0.00716 EPSS
Exploits: 1 | References: 4

CVE
added 2018/06/22 12:0 p.m. | 129 views

CVE-2018-12641

CVE-2018-12641 affects GNU Binutils 2.30, causing stack exhaustion in the libiberty C++ demangling code (arm_pt in cplus-dem.c) during nm-new due to recursive stack frames (demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, demangle_nested_args). Th...

5.5 CVSS | 6.1 AI score | 0.00716 EPSS
Exploits: 1 | References: 7 | Affected Software: 1

Cvelist
added 2018/06/22 12:0 p.m. | 29 views

CVE-2018-12641

An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg,...

6.3 AI score | 0.00716 EPSS
Exploits: 1 | References: 7

IBM Security Bulletins
added 2018/06/17 4:42 a.m. | 25 views

Security Bulletin: ClearQuest Phishing Through Frames Vulnerability (CVE-2012-4839)

Summary: Security Scanning indicated a vulnerability to a Phishing Through Frames attack in the OSLC system in IBM Rational ClearQuest. Vulnerability Details...

4.3 CVSS | 0.9 AI score | 0.00227 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 1:6 p.m. | 23 views

Security Bulletin: Phishing through frames vulnerability in the GDS component of IBM® InfoSphere® Master Data Management - Collaborative Edition (CVE-2014-3009)

Summary: IBM® InfoSphere® Master Data Management - Collaborative Edition is vulnerable to phishing through frames vulnerability. Vulnerability Details: CVE ID: CVE-2014-3009. Description: IBM® InfoSphere® Master Data Management - Collaborative Edition is vulnerable to phishing through frames. An...

3.5 CVSS | 0.7 AI score | 0.00137 EPSS
Exploits: 0 | Affected Software: 1

CNVD
added 2018/06/15 12:0 a.m. | 2 views

frames-compiler remote code execution vulnerability

The frames-compiler is a suite of software for building a wide range of applications, providing a graphical user interface that supports multiple platforms. A security vulnerability exists in frames-compiler that originates when the program downloads binary resources over the HTTP protocol. A...

9.3 CVSS | 8.1 AI score | 0.00735 EPSS
Exploits: 0 | References: 1

OSV
added 2018/06/11 9:29 p.m. | 1 view

CVE-2018-5116

WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins into the loaded page and then interact with them, bypassing same-origin user expectations with th...

9.8 CVSS | 7.4 AI score | 0.00462 EPSS
Exploits: 0 | References: 5

NVD
added 2018/06/11 9:29 p.m. | 11 views

CVE-2018-5116

WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins into the loaded page and then interact with them, bypassing same-origin user expectations with th...

9.8 CVSS | 8.9 AI score | 0.00462 EPSS
Exploits: 0 | References: 5

OSV
added 2018/06/11 9:29 p.m. | 2 views

DEBIAN-CVE-2017-5446

An out-of-bounds read when an HTTP/2 connection to a server sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

9.8 CVSS | 8.9 AI score | 0.00584 EPSS
Exploits: 1 | References: 1