
52 matches found

Github Security Blog
added 2024/01/19 8:31 p.m. | 36 views

SurrealDB vulnerable to Uncontrolled CPU Consumption via WebSocket Interface

SurrealDB depends on the tungstenite and tokio-tungstenite crates used by the axum crate, which handles connections to the SurrealDB WebSocket interface. On versions before 0.20.1, the tungstenite crate presented an issue which allowed the parsing of HTTP headers during the client handshake to...

CVSS 7.5 | AI score 7.4 | EPSS 0.04501
Exploits: 1 | References: 7 | Affected Software: 1
CNNVD
added 2023/12/29 12:0 a.m. | 3 views

Misskey Authorization Issues Vulnerabilities

Misskey is a suite of micro-blogging platforms. An authorization issue vulnerability exists in Misskey versions prior to 2023.12.1, which stems from the ability to access certain endpoints or websocket APIs designated as secure or safe and perform actions such as reading or adding public content...

CVSS 9.6 | AI score 6.7 | EPSS 0.00146
Exploits: 0 | References: 3
NVD
added 2023/07/25 8:15 p.m. | 7 views

CVE-2022-46901

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This...

CVSS 7.5 | AI score 7.7 | EPSS 0.00137
Exploits: 0 | References: 2
ATTACKERKB
added 2023/07/25 8:15 p.m. | 1 views

CVE-2022-46901

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This...

CVSS 7.5 | AI score 7 | EPSS 0.00137
Exploits: 0 | References: 3
Prion
added 2023/07/25 8:15 p.m. | 21 views

Design/Logic Flaw

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This...

CVSS 5 | AI score 7.7 | EPSS 0.00137
Exploits: 0 | References: 2 | Affected Software: 2
Cvelist
added 2023/07/25 12:0 a.m. | 13 views

CVE-2022-46901

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This...

AI score 7.9 | EPSS 0.00137
Exploits: 0 | References: 2
Vulnrichment
added 2023/07/25 12:0 a.m. | 16 views

CVE-2022-46901

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This...

AI score 7.1 | EPSS 0.00137
Exploits: 0 | References: 2
CVE
added 2023/07/25 12:0 a.m. | 2496 views

CVE-2022-46901

CVE-2022-46901 affects Vocera Report Server and Voice Server 5.x through 5.8. The issue is an Access Control Violation for database operations via the Vocera Report Console’s websocket interface, which permits unauthenticated execution of tasks and database functions, including system tasks and a...

CVSS 7.5 | AI score 7.6 | EPSS 0.00137
Exploits: 0 | References: 2 | Affected Software: 2
RedHat Linux
added 2020/04/22 1:21 p.m. | 5 views

Critical: Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container

Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container. Added additional metrics to the Prometheus /api/v2/metrics/ endpoint for reporting remaining instance capacity. Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Tower's websocket interface...

CVSS 9.8 | AI score 6.9 | EPSS 0.20012
Exploits11
OSV
added 2019/04/01 9:30 p.m. | 2 views

CVE-2019-5514

VMware VMware Fusion 11.x before 11.0.3 contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware...

CVSS 8.8 | AI score 7.4
Exploits: 0 | References: 3
RedHat Linux
added 2012/01/09 8:3 p.m. | 0 views

HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

CVSS 4.3 | AI score 6.7 | EPSS 0.03832
Exploits: 4 | References: 4
RedHat Linux
added 2011/10/18 11:19 p.m. | 0 views

HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

CVSS 4.3 | AI score 6.7 | EPSS 0.03832
Exploits: 4 | References: 4