5331 matches found
CVE-2024-54151 Directus allows unauthenticated access to WebSocket events and operations
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 11.0.0 and prior to version 11.3.0, when setting WEBSOCKETS_GRAPHQL_AUTH or WEBSOCKETS_REST_AUTH to "public", an unauthenticated user is able to do any of the supported operations (CRUD, subscriptions...
GHSA-849R-QRWJ-8RV4 Directus allows unauthenticated access to WebSocket events and operations
Summary: When setting WEBSOCKETS_GRAPHQL_AUTH or WEBSOCKETS_REST_AUTH to "public", an unauthenticated user is able to do any of the supported operations (CRUD, subscriptions) with full admin privileges. Details: Accountability for unauthenticated WebSocket requests is set to null, which used to be "publi...
Directus information disclosure vulnerability
Directus is a real-time API and application dashboard open-sourced by Directus. It is used to manage SQL database content. An information disclosure vulnerability exists in Directus version 11.0.0 and versions prior to 11.3.0, which stems from a setting of WEBSOCKETS_GRAPHQL_AUTH or...
Mageia: Security Advisory (MGASA-2024-0382)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OESA-2024-2479 libsoup3 security update
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. Security Fixes: GNOME libsoup before 3.6.1 has an infinite loop, and memory...
CVE-2024-45495
MSA FieldServer Gateway 5.0.0 through 6.5.2 allows cross-origin WebSocket hijacking...
PT-2024-31662 · Unknown · Fieldserver Gateway
Name of the Vulnerable Software and Affected Versions: MSA FieldServer Gateway versions 5.0.0 through 6.5.2 Description: The issue allows cross-origin WebSocket hijacking. This means that an attacker can potentially hijack WebSocket connections from a different origin, which could lead to...
CVE-2024-45495
MSA FieldServer Gateway versions 5.0.0–6.5.2 are affected by a cross-origin WebSocket hijacking vulnerability. The issue affects the WebSocket handling in the Gateway, enabling cross-origin hijacking potentially leading to unauthorized connection control. Affected products are MSA FieldServer Gat...
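Cross-origin WebSocket hijacking works because a browser attaches the victim's cookies to a WebSocket handshake started from any page, and the WebSocket protocol has no same-origin policy of its own; the server has to enforce one by checking the Origin header during the upgrade. The block below is an added example of that check, not code from MSA FieldServer or from any advisory listed here. It assumes a cookie-authenticated endpoint whose HTTP front end hands over the upgrade request headers as a dict; the origins, header values and allow-list are constructed for illustration.

```python
"""Origin allow-list check for a WebSocket handshake (cross-site WebSocket hijacking defence).

Added example, not code from MSA FieldServer or any advisory on this page. It
assumes a cookie-authenticated WebSocket endpoint whose HTTP front end hands
over the upgrade request headers as a dict; origins and headers are made up.
"""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_origin(origin):
    """Return (scheme, host, port) for an Origin value, or None if it is unusable.

    Browsers send Origin as scheme://host[:port] with no path. The opaque
    value "null" (sandboxed iframe, file://, some redirects) carries no trust
    and is rejected. Hosts compare case-insensitively and default ports are
    filled in, so "https://a.example" and "https://a.example:443" are equal.
    """
    if not origin or origin.strip().lower() == "null":
        return None
    try:
        parts = urlsplit(origin.strip())
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    # Anything beyond scheme://host:port is not an Origin. Userinfo especially:
    # "https://app.example.com@evil.example" names evil.example, not app.example.com.
    if parts.path not in ("", "/") or parts.query or parts.fragment or parts.username:
        return None
    return (scheme, parts.hostname.lower(), port if port is not None else DEFAULT_PORTS[scheme])


def check_handshake_origin(headers, allowed_origins, allow_missing_origin=False):
    """Decide whether to complete the Upgrade; returns (accept, reason).

    `headers` is the upgrade request's header map (names case-insensitive).
    A request without Origin is not from a browser, so it cannot carry the
    victim's cookies cross-site; admitting it is a policy choice, and the
    endpoint must then authenticate it with a non-cookie credential.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    if hdrs.get("upgrade", "").lower() != "websocket":
        return False, "not a WebSocket upgrade"
    origin = hdrs.get("origin")
    if origin is None:
        if allow_missing_origin:
            return True, "no Origin header: non-browser client"
        return False, "no Origin header"
    wanted = normalize_origin(origin)
    if wanted is None:
        return False, f"unparsable or opaque Origin {origin!r}"
    # Exact (scheme, host, port) membership, never prefix or substring matching:
    # a prefix check is what lets "https://app.example.com.evil.example" through.
    allowed = {normalize_origin(o) for o in allowed_origins} - {None}
    if wanted in allowed:
        return True, "origin allowed"
    return False, f"origin {origin!r} not in allow-list"


if __name__ == "__main__":
    trusted = ["https://app.example.com", "https://app.example.com:8443"]
    for o in ["https://app.example.com", "https://app.example.com.evil.example", "null", None]:
        req = {"Upgrade": "websocket", "Cookie": "session=abc"}  # constructed request
        if o is not None:
            req["Origin"] = o
        print(o, "->", check_handshake_origin(req, trusted))
```

The Origin check only protects ambient-credential (cookie) authentication; a client that can set arbitrary headers is not a browser and is not the CSWSH threat, which is why the check is a handshake gate and not a replacement for per-connection authentication of the messages that follow.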
[SECURITY] Fedora 41 Update: python-aiohttp-3.10.5-3.fc41
Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...
[SECURITY] Fedora 40 Update: python-aiohttp-3.9.5-2.fc40
Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...
CLSA-2024-1732701424 Fix CVE(s): CVE-2024-23672
SECURITY UPDATE: DoS via incomplete cleanup vulnerability - debian/patches/CVE-2024-23672.patch: refactor WebSocket close for suspend/resume to ensure connection closure completes - CVE-2024-23672...
USN-7126-1 libsoup2.4 vulnerabilities
It was discovered that libsoup ignored certain characters at the end of header names. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack. CVE-2024-52530 It was discovered that libsoup did not correctly handle memory while performing UTF-8 conversions. An...
USN-7127-1 libsoup3 vulnerabilities
It was discovered that libsoup ignored certain characters at the end of header names. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. CVE-2024-52530 It was discovered that libsoup did not...
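Both USN-7126-1 and USN-7127-1 above describe the same smuggling primitive: a parser that silently drops stray characters at the end of a header name can be made to see a `Content-Length` or `Transfer-Encoding` header that a neighbouring hop does not, and the two then disagree about where one request ends and the next begins. The defence is a strict field-line parser that rejects rather than trims. The block below is an added example of such a parser, not libsoup's code; it takes the CRLF-separated header section of one request as bytes, and the sample requests in the test are constructed.

```python
"""Strict HTTP/1.1 field-line parsing as a request-smuggling guard.

Added example, not libsoup code. It parses the header section of one request
(CRLF-separated field lines, already split from the body) and refuses the
ambiguities that desync attacks rely on; the sample requests are constructed.
"""
import re

# RFC 9110 token characters; a field name is exactly one token followed by ":".
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
FIELD_LINE = re.compile(r"^(" + TOKEN + r"):[ \t]*(.*?)[ \t]*$")


def parse_headers(raw):
    """Return (headers, None) on success or (None, reason) on rejection.

    Header names are lower-cased; repeated fields are joined with ", ",
    except Content-Length, which may only repeat with an identical value.
    """
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None, "non-ASCII byte in header section"
    headers = {}
    for line in text.split("\r\n"):
        if line == "":
            continue
        if "\n" in line or "\r" in line:
            return None, "bare CR or LF inside field line"
        if line[0] in " \t":
            return None, "obsolete line folding not accepted"
        m = FIELD_LINE.match(line)
        if m is None:
            # Covers "Content-Length : 5" (whitespace before the colon) and names
            # carrying a trailing NUL or other non-token byte: reject, never trim.
            return None, f"malformed field line {line!r}"
        name, value = m.group(1).lower(), m.group(2)
        if name == "content-length":
            if not value.isdigit():
                return None, "Content-Length is not a decimal integer"
            if headers.get(name, value) != value:
                return None, "conflicting Content-Length values"
            headers[name] = value
        elif name in headers:
            headers[name] = headers[name] + ", " + value
        else:
            headers[name] = value
    if "content-length" in headers and "transfer-encoding" in headers:
        # RFC 9112 says Transfer-Encoding wins; a server or proxy that cannot be
        # sure every hop agrees is safer rejecting the request outright.
        return None, "both Content-Length and Transfer-Encoding present"
    return headers, None


if __name__ == "__main__":
    # Constructed samples: one clean header section, one with a trailing NUL in a name.
    print(parse_headers(b"Host: example.com\r\nContent-Length: 5\r\n"))
    print(parse_headers(b"Host: example.com\r\nTransfer-Encoding\x00: chunked\r\n"))
```

The point of rejecting rather than normalising is that a front-end proxy and the back-end server only need to disagree on one byte for a desync; a parser that refuses every malformed line cannot be the more lenient half of that pair.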
CLSA-2024-1732637149 Fix CVE(s): CVE-2024-23672
SECURITY UPDATE: Denial of Service vulnerability - debian/patches/CVE-2024-23672.patch: refactor WebSocket close for suspend/resume to ensure WebSocket connection closure completes - CVE-2024-23672...
K000148687: qt vulnerabilities CVE-2018-21035, CVE-2015-1290, CVE-2013-0254, and CVE-2023-43114
Security Advisory Description CVE-2018-21035 In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). CVE-2015-1290 The Google V8...
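The Qt entry above, like the Tomcat close-handling fixes for CVE-2024-23672 listed earlier, is about resource exhaustion at the WebSocket framing layer: a frame header declares its payload length up front, and if the receiver only enforces a ceiling of 2 GB, or enforces a per-frame limit but not a per-message one across fragments, a client can make it reserve memory it never has to send. The block below is an added example of a framing layer with configurable, early-enforced limits; it is not Qt's or any other listed project's code, and every frame it consumes is constructed in-line with `build_frame()` with arbitrary limits.

```python
"""RFC 6455 frame parsing with configurable frame and message size limits.

Added example, not Qt's or any other listed project's code. Frames are
constructed in-line with build_frame(); the limits chosen are arbitrary.
"""
import struct

CONTROL = 0x8  # opcodes >= 0x8 are control frames (close, ping, pong)

class FrameError(Exception):
    """Protocol violation; a server closes with 1002, or 1009 when too big."""

def parse_frame_header(buf, max_frame_size):
    """Return (fin, opcode, masked, payload_len, header_len), or None while the
    header is incomplete. The declared length is checked against max_frame_size
    here, before a single payload byte is buffered."""
    if len(buf) < 2:
        return None
    b0, b1 = buf[0], buf[1]
    fin, opcode = bool(b0 & 0x80), b0 & 0x0F
    masked, length, pos = bool(b1 & 0x80), b1 & 0x7F, 2
    if length == 126:
        if len(buf) < 4:
            return None
        length, pos = struct.unpack_from("!H", buf, 2)[0], 4
    elif length == 127:
        if len(buf) < 10:
            return None
        length, pos = struct.unpack_from("!Q", buf, 2)[0], 10
        if length >> 63:
            raise FrameError("64-bit length with the most significant bit set")
    if opcode >= CONTROL and (length > 125 or not fin):
        raise FrameError("control frame fragmented or longer than 125 bytes")
    if length > max_frame_size:
        raise FrameError(f"frame payload {length} exceeds limit {max_frame_size}")
    if masked:
        if len(buf) < pos + 4:
            return None
        pos += 4
    return fin, opcode, masked, length, pos

class MessageAssembler:
    """Reassembles fragmented messages, capping the total size across fragments."""

    def __init__(self, max_frame_size=1 << 16, max_message_size=1 << 20, require_mask=True):
        self.limits = (max_frame_size, max_message_size)
        self.require_mask = require_mask  # server side: client frames MUST be masked
        self._opcode, self._parts, self._size = None, [], 0

    def feed(self, frame):
        """(opcode, payload) when a message or control frame completes, else None."""
        hdr = parse_frame_header(frame, self.limits[0])
        if hdr is None or len(frame) < hdr[4] + hdr[3]:
            raise FrameError("truncated frame")
        fin, opcode, masked, length, hlen = hdr
        if self.require_mask and not masked:
            raise FrameError("client-to-server frame is not masked")
        payload = frame[hlen:hlen + length]
        if masked:
            key = frame[hlen - 4:hlen]
            payload = bytes(b ^ key[i & 3] for i, b in enumerate(payload))
        if opcode >= CONTROL:
            return opcode, payload  # control frames may interleave with fragments
        if (opcode == 0) == (self._opcode is None):
            raise FrameError("continuation or data frame out of sequence")
        self._opcode = self._opcode or opcode
        if self._size + length > self.limits[1]:
            self._opcode, self._parts, self._size = None, [], 0
            raise FrameError(f"message exceeds limit {self.limits[1]}")
        self._parts.append(payload)
        self._size += length
        if not fin:
            return None
        msg = (self._opcode, b"".join(self._parts))
        self._opcode, self._parts, self._size = None, [], 0
        return msg

def build_frame(opcode, payload, fin=True, mask=None):
    """Encode one frame; pass a 4-byte mask key to build client-to-server frames."""
    b0, n, mbit = (0x80 if fin else 0) | opcode, len(payload), (0x80 if mask else 0)
    if n < 126:
        hdr = bytes([b0, mbit | n])
    elif n < 0x10000:
        hdr = bytes([b0, mbit | 126]) + struct.pack("!H", n)
    else:
        hdr = bytes([b0, mbit | 127]) + struct.pack("!Q", n)
    if mask:
        hdr += mask
        payload = bytes(b ^ mask[i & 3] for i, b in enumerate(payload))
    return hdr + payload

def feed_all(frames, **limits):
    """Feed frames to a fresh server-side assembler; last result, or the rejection reason."""
    asm = MessageAssembler(**limits)
    try:
        return [asm.feed(f) for f in frames][-1]
    except FrameError as e:
        return "rejected: " + str(e)
```

The two checks worth noting are the order of operations in `parse_frame_header`, where the declared length is compared with the limit before any payload is read, so a 14-byte header announcing 2 GiB is refused for the cost of a closed socket, and the running total in `MessageAssembler`, which is what stops a client from staying under the per-frame cap while growing a fragmented message without bound.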
OESA-2024-2471 libsoup security update
libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations...
OESA-2024-2460 tomcat security update
The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...