SUSE-SU-2025:02992-1 Security update for tomcat11
This update for tomcat11 fixes the following issues: Updated to Tomcat 11.0.10 - CVE-2025-48989: Fixed 'MadeYouReset' DoS in HTTP/2 due to client triggered stream reset (bsc#1243895). Other fixes: Catalina + Fix: Fix bloom filter population for archive indexing when using a packed WAR containing one ...
Linux Distros Unpatched Vulnerability : CVE-2020-15134
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of i...
Linux Distros Unpatched Vulnerability : CVE-2016-10542
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ws is a simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455. By sending an overly lo...
Missing Origin Validation
org.apache.zeppelin, zeppelin-shell is vulnerable to Missing Origin Validation. The vulnerability is due to lack of origin validation in WebSocket connections, which allows an attacker to access the Zeppelin server from another origin and retrieve internal information about paragraphs...
Linux Distros Unpatched Vulnerability : CVE-2018-1257
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSock...
CVE-2025-55300
Komari is a lightweight, self-hosted server monitoring tool designed to provide a simple and efficient solution for monitoring server performance. Prior to 1.0.4-fix1, WebSocket upgrader has disabled origin checking, enabling Cross-Site WebSocket Hijacking (CSWSH) attacks against authenticated user...
Linux Distros Unpatched Vulnerability : CVE-2018-17281
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and...
Linux Distros Unpatched Vulnerability : CVE-2022-22971
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In spring framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial...
CVE-2025-55300 Komari Allows Cross-site WebSocket Hijacking
Komari is a lightweight, self-hosted server monitoring tool designed to provide a simple and efficient solution for monitoring server performance. Prior to 1.0.4-fix1, WebSocket upgrader has disabled origin checking, enabling Cross-Site WebSocket Hijacking (CSWSH) attacks against authenticated user...
CVE-2025-55300
CVE-2025-55300 affects the GitHub project github.com/komari-monitor/komari (Komari) and is caused by the WebSocket upgrader disabling origin checking, which enables Cross-Site WebSocket Hijacking (CSWSH) against authenticated users. An attacker can craft requests to the terminal WebSocket endpoin...
curl: WebSocket Fragmentation DoS on Curl Client
Summary: A malicious WebSocket server can send a fragmented message (FIN=0) followed by a flood of continuation frames, causing the client (curl) to continuously allocate memory while waiting for message completion. This can result in high memory usage and potential crash (OOM), representing a...
GO-2025-3874 Komari vulnerable to Cross-site WebSocket Hijacking in github.com/komari-monitor/komari
Komari vulnerable to Cross-site WebSocket Hijacking in github.com/komari-monitor/komari...
Komari Cross-Site Scripting Vulnerability
Komari is a simple server monitoring tool from the open-source Komari Monitor project. A cross-site scripting vulnerability exists in versions prior to Komari 1.0.4-fix1, which stems from the WebSocket upgrader disabling origin checking, and could lead to cross-site WebSocket hijacking and remote code...
Linux Distros Unpatched Vulnerability : CVE-2021-3690
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial...
Linux Distros Unpatched Vulnerability : CVE-2019-20840
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in LibVNCServer before 0.9.13. libvncserver/wsdecode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode...
Linux Distros Unpatched Vulnerability : CVE-2020-15133
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The Faye::WebSocket::Client class uses the...
Linux Distros Unpatched Vulnerability : CVE-2020-27813
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a...