197 matches found
Remote code execution
A remote code execution vulnerability exists when HTTP Protocol Stack Http.sys improperly handles objects in memory, aka "HTTP Protocol Stack Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...
CVE-2018-8231
A remote code execution vulnerability exists when HTTP Protocol Stack Http.sys improperly handles objects in memory, aka "HTTP Protocol Stack Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...
CVE-2018-8231
CVE-2018-8231 is a remote code execution vulnerability in Microsoft Windows HTTP.sys. The flaw occurs when Http.sys improperly handles objects in memory, allowing an attacker to gain control of the affected system by sending specially crafted requests. Affected products include Windows Server 201...
Microsoft Windows 'HTTP.sys' Denial of Service Vulnerability (CNVD-2018-12567)
Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation in the U.S. The HTTP protocol stack HTTP.sys is one of the system components used to support applications communicating information through the interfaces it provides. A denial of service...
Microsoft June 2018 Patch Tuesday Pushes 11 Critical Security Updates
It's time to gear up for the latest June 2018 Microsoft security patch updates. Microsoft today released security patch updates for more than 50 vulnerabilities, affecting Windows, Internet Explorer, Edge, MS Office, MS Office Exchange Server, ChakraCore, and Adobe Flash Player—11 of which are...
HTTP Protocol Stack Remote Code Execution Vulnerability
A remote code execution vulnerability exists when HTTP Protocol Stack Http.sys improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of the affected system. To exploit the vulnerability, in most situations, an...
KB4284874: Windows 10 Version 1703 June 2018 Security Update
The remote Windows host is missing security update 4284874. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability exists when the Human Interface Device (HID) Parser Library driver improperly handles objects in memory. An attacker who successfully...
KB4284860: Windows 10 June 2018 Security Update
The remote Windows host is missing security update 4284860. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability exists when the Human Interface Device (HID) Parser Library driver improperly handles objects in memory. An attacker who successfully...
KLA11266 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, bypass security restrictions, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. An elevation...
Buffer overflow
bvlc.c in skarg BACnet Protocol Stack bacserv 0.9.1 and 0.8.5 is affected by a Buffer Overflow because of a lack of packet-size validation. The affected component is bacserv BACnet/IP BVLC forwarded NPDU. The function bvlc_bdt_forward_npdu calls bvlc_encode_forwarded_npdu which copies the content from...
CVE-2018-10238
bvlc.c in skarg BACnet Protocol Stack bacserv 0.9.1 and 0.8.5 is affected by a Buffer Overflow because of a lack of packet-size validation. The affected component is bacserv BACnet/IP BVLC forwarded NPDU. The function bvlc_bdt_forward_npdu calls bvlc_encode_forwarded_npdu which copies the content from...
CVE-2018-10238
CVE-2018-10238 affects skarg BACnet Protocol Stack bacserv (versions 0.9.1 and 0.8.5). The root cause is a Buffer Overflow in BVLC forwarded NPDU handling (bvlc_bdt_forward_npdu calls bvlc_encode_forwarded_npdu and copies request data into a local stack frame, clobbering the canary) due to missin...
Google Android Kernel Bluez Elevation of Privilege Vulnerability
Android on Google Pixel and Nexus is an open source Linux-based operating system for the Google Pixel and Nexus smartphones developed by Google and the Open Handset Alliance (OHA). Kernel Bluez is one of the Bluetooth protocol stacks. An elevatio...
Input validation vulnerability in multiple Huawei products
Huawei S2300 and others are switching devices from Huawei in China. IP stack is one of the transport protocols. A security vulnerability exists in the IP stack of several Huawei products, which stems from the failure of the message processing module to correctly determine the IP option length. The...
USN-3406-1: Linux kernel vulnerabilities
It was discovered that an out of bounds read vulnerability existed in the associative array implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. CVE-2016-7914 It was discovered that a NULL pointer dereferenc...
USN-3406-1 linux vulnerabilities
It was discovered that an out of bounds read vulnerability existed in the associative array implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. CVE-2016-7914 It was discovered that a NULL pointer dereferenc...
SECCN User Behavior Management Firewall Has Information Disclosure Vulnerability
SECCN User Behavior Management Firewall is an application gateway firewall based on a security protocol stack. The SECCN User Behavior Management Firewall suffers from an information leakage vulnerability. An attacker can exploit this vulnerability to obtain sensitive server files, posing an...
Denial of Service Vulnerability in Schneider M218 TCP/IP Stack
The Modicon M218 is a compact programmable logic controller manufactured by Schneider Electric of France. A denial of service vulnerability exists in the Schneider Electric M218 TCP/IP stack, where an IP message with an abnormal IP header 0 in the IPTotalLength field and 6 in the IPProtocol field...
Land Attack Vulnerability in Schneider 140NOE77101 Ethernet Module
The 140NOE77101 is an Ethernet communication module for Schneider's Quantum series PLCs. A Land attack vulnerability exists in the TCP/IP stack of the Schneider 140NOE77101 Ethernet module. Since the program sends TCP SYN messages with the same source and destination IP both IP addresses of the...