CVE-2019-13722

Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Mozilla Firefox and Firefox ESR stack buffer overflow vulnerability (CNVD-2020-01180)

Mozilla Firefox and Mozilla Firefox ESR are both products of the Mozilla Foundation in the U.S. Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A stack buffer overflow vulnerability exists in Mozilla Firefox versions prior t...

The vulnerability in the implementation of the WebRTC technology in Google Chrome browser allows a hacker to induce a service failure.

The vulnerability of the WebRTC technology implemented in Google Chrome browser is related to reading data beyond the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause a service failure through a specially created HTML page...

DEBIAN-CVE-2019-13694

Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

PT-2019-14995 · Signal +1 · Signal Private Messenger +1

Name of the Vulnerable Software and Affected Versions: Signal Private Messenger versions through 4.47.7 for Android Description: The issue is related to the WebRTC component in the Signal Private Messenger application, which processes videoconferencing RTP packets before a callee chooses to answe...

UBUNTU-CVE-2019-10638

In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols e.g., UDP and ICMP. When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions of indices to the counter...

CVE-2018-6157

Type confusion in WebRTC in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file...

CVE-2018-6129

Out of bounds array access in WebRTC in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page...

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

UBUNTU-CVE-2019-5764

Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

headq-rtc (=1.0.0), kittyswarm (>=1.1.0 <=1.1.1) +1 more potentially affected by CVE-2016-10600 via webrtc-native (=1.4.0)

webrtc-native NPM version =1.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on webrtc-native and may be impacted: - headq-rtc =1.0.0 - kittyswarm =1.1.0, =1.1.1 - peeracle =0.0.3 Source cves: CVE-2016-10600 Source advisory: OSV:GHSA-7XVG-M3VX-2HHV...

UBUNTU-CVE-2018-16083

An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...

Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Rational products based on IBM Jazz technology

Summary Multiple vulnerabilities in WebSphere Application Server bundled with IBM Jazz Team Server based Applications affect the following products: Collaborative Lifecycle Management CLM, Rational DOORS Next Generation RDNG, Rational Engineering Lifecycle Manager RELM, Rational Team Concert RTC,...

Cross site scripting

IBM Team Concert RTC 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IB...

CVE-2018-1766

IBM Team Concert RTC 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IB...

CVE-2018-1766

IBM Team Concert (RTC) and Rational CLM are affected by a cross-site scripting (XSS) vulnerability in the Web UI for RTC versions 5.0–5.0.2 and 6.0–6.0.5 (6.0.6 iFix03 or later is the remediation). The underlying issue allows an attacker to embed arbitrary JavaScript, potentially altering functio...

CVE-2018-1766

IBM Team Concert RTC 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IB...

Google Chrome Type Obfuscation Vulnerability (CNVD-2018-17044)

Google Chrome is a web browser developed by the American company Google Google. A type confusion vulnerability exists in WebRTC in Google Chrome. The vulnerability allows remote attackers to submit a special request to execute arbitrary code...

CVE-2018-1407

The CVE-2018-1407 entry applies to IBM Rational Team Concert (RTC) / Rational Collaborative Lifecycle Management versions: RTC 5.0–5.0.2 and 6.0–6.0.5. The vulnerability is a cross-site scripting (XSS) flaw in the Web UI that lets an attacker embed arbitrary JavaScript, potentially leading to cre...

CVE-2018-1408

Summary: IBM Rational Team Concert (RTC) is vulnerable to cross-site scripting (XSS) in the Web UI. Affected versions are RTC 5.0–5.0.2 and 6.0–6.0.5 (and Rational Collaborative Lifecycle Management 5.0–6.0.5). The flaw lets an attacker embed arbitrary JavaScript in the Web UI, potentially leadin...