5 matches found
SUSE CVE-2026-12151
Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size...
CVE-2026-12151 undici WebSocket client vulnerable to denial of service via fragment count bypass
Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size...
CVE-2026-47124 Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.9, any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers owned by other users...
GHSA-HVV7-HFRH-7GXJ Nezha Monitoring: Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members
Summary Any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers owned by other users. The normal server list API filters objects by HasPermission, but the WebSocket stream treats the presence of any authenticated user ...
IBM Spectrum Protect Operations Center Information Disclosure Vulnerability (CNVD-2020-67638)
IBM Spectrum Protect Operations Center is a software from IBM USA that provides visual control for IBM Spectrum Protect environments. IBM Spectrum Protect Operations Center suffers from a sensitive information disclosure vulnerability caused by a failure to properly authenticate a websocket...