CVE-2024-11045
A Cross-Site WebSocket Hijacking (CSWSH) vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows an attacker to clone a malicious server extension from a GitHub repository. The vulnerability arises from the lack of proper validation on WebSocket connections at...
ABB Cylon FLXeon 9.3.4 wsConnect.js WebSocket Command Spawning Exploit
ABB Cylon FLXeon version 9.3.4 is vulnerable to an unauthenticated WebSocket implementation that allows an attacker to execute the tcpdump command. This command captures network traffic and filters it on serial ports 4855 and 4851, which are relevant to the device's services. The vulnerability ca...
ABB Cylon FLXeon 9.3.4 wsConnect.js WebSocket Command Spawning
ABB Cylon FLXeon version 9.3.4 is vulnerable to an unauthenticated WebSocket implementation that allows an attacker to execute the tcpdump command. This command captures network traffic and filters it on serial ports 4855 and 4851, which are relevant to the device's services. The vulnerability ca...
CVE-2024-5820
An unprotected WebSocket connection in the latest version of stitionai/devika commit ecee79f allows a malicious website to connect to the backend and issue commands on behalf of the user. The backend serves all listeners on the given socket, enabling any such malicious website to intercept all...
The vulnerability lies in the WebSocket protocol implementation used by the software testing tool Vitest and allows an attacker to execute arbitrary code.
The vulnerability in the WebSocket protocol implementation of the software testing tool Vitest is related to the lack of authentication of the communication source. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted file...
The vulnerability in the Node.js WebSocket module of the FortiOS operating system and FortiProxy proxy servers allows attackers to elevate privileges to the "super-admin" level.
The vulnerability in the Node.js WebSocket module of the FortiOS operating system and FortiProxy proxy servers relates to bypassing the authentication process by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to elevate their privileges to "super-admi...
CVE-2024-48059
CVE-2024-48059 affects gaizhenbiao/chuanhuchatgpt up to version 20240802, vulnerable to stored XSS in WebSocket session transmissions. An attacker can inject malicious content into a WebSocket message, with execution of injected script in a victim’s browser when the session is accessed. The root ...
The vulnerability in the WebSocket protocol implementation of the Apache HTTP Server allows an attacker to cause a service failure.
The vulnerability in the WebSocket protocol implementation of the Apache HTTP Server is related to a null pointer assignment. Exploiting this vulnerability could allow a malicious actor to cause a service failure...
Devika Security Breach
Stition Devika is an advanced AI software engineer at Stition USA that understands advanced human commands, breaks them down into steps, researches the relevant information, and writes code to achieve a given goal. Devika has a security vulnerability that stems from an ineffectively protected...
003-gas-convert (=1.0.1), 0x-hunter-core (>=1.0.0 <=1.0.1-5) +17421 more potentially affected by CVE-2024-37890 via ws (>=2.1.0 <=5.2.2)
ws NPM version =2.1.0, =1.0.0, =0.0.3, =1.1.0, =0.9.9, =0.7.41, =0.1.0-beta.1, =0.1.3, =0.0.3, =1.0.0, =2.0.7 and more Source cves: CVE-2024-37890 Source advisory: OSV:GHSA-3H5V-Q93C-6H6Q...
Important: tomcat9
Issue Overview: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open, leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through...
CVE-2024-28179 Jupyter Server Proxy's Websocket Proxying does not require authentication
Jupyter Server Proxy allows users to run arbitrary external processes alongside their Jupyter notebook servers and provides authenticated web access. Prior to versions 3.2.3 and 4.1.1, Jupyter Server Proxy did not check user authentication appropriately when proxying websockets, allowing...
com.datastax.oss:pulsar-jms-filters (>=4.0.0 <=4.0.1), io.streamnative.oss:pulsar-jms-filters (=4.0.5) +8 more potentially affected by CVE-2023-37544 via org.apache.pulsar:pulsar-websocket (=3.0.0)
org.apache.pulsar:pulsar-websocket MAVEN version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-websocket and may be impacted: - com.datastax.oss:pulsar-jms-filters =4.0.0, =4.0.1 - io.streamnative.oss:pulsar-jms-filter...
io.github.embedded-middleware:embedded-pulsar-core (>=0.0.4 <=0.0.5), org.apache.pulsar:pulsar-broker (>=2.11.0 <=2.11.1) +7 more potentially affected by CVE-2023-37544 via org.apache.pulsar:pulsar-websocket (>=2.11.0 <=2.11.1)
org.apache.pulsar:pulsar-websocket MAVEN version =2.11.0, =0.0.4, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.1 Source cves: CVE-2023-37544 Source advisory: OSV:GHSA-83Q5-WHQP-R8JR...
The vulnerability in the WebSocket component of the Quarkus Java framework allows attackers to gain unauthorized access to protected information and elevate their privileges.
The vulnerability in the WebSocket component of the Quarkus Java framework is related to an improper sequence of actions during request processing, caused by insufficient access control. Exploiting this vulnerability can allow an attacker to gain unauthorized access...
The vulnerability in the WebSocket component of the Atlassian Companion App for Confluence (used for editing files) on macOS allows attackers to bypass security restrictions and execute arbitrary code.
The vulnerability in the WebSocket component of the Atlassian Companion App for Confluence on macOS lies in its lack of access control mechanisms. Exploiting this vulnerability allows an attacker to bypass security restrictions and execute arbitrary code...
PT-2023-28152 · Unknown · Home-Assistant-Js-Websocket +1
Name of the Vulnerable Software and Affected Versions: Home Assistant Core versions prior to 2023.8.0 home-assistant-js-websocket versions prior to 8.2.0 Description: The issue concerns an open-source home automation system where the WebSocket authentication logic is vulnerable to exploitation...
Bykea: Exposed trip_no in WebSocket Responses Leading to Excessive Information Disclosure
The vulnerability in Bykea's WebSocket implementation was that the trip_no identifier was exposed to drivers before a bid was accepted. This identifier could be used to access customer tracking URLs, revealing excessive information about customers to unauthorized drivers. The issue was resolved b...
The vulnerability in the WebSocket component of the Qt cross-platform software development framework allows an attacker to cause a service failure.
The vulnerability in the WebSocket component of the Qt cross-platform software development framework is related to resource allocation without limits. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
8x8 Bounty: Jitsi: Bridge Message Spoofing due to Improper JSON Handling leads to Prototype Pollution
The Jitsi VideoBridge failed to properly handle JSON messages with duplicate colibriClass keys, enabling clients to send messages interpreted differently by the bridge and resulting in unauthorized actions within video conferences. Jitsi Security Advisory has been published...