5318 matches found
Misskey Authorization Issues Vulnerabilities
Misskey is a suite of micro-blogging platforms. An authorization issue vulnerability exists in Misskey versions prior to 2023.12.1, which stems from the ability to access certain endpoints or websocket APIs designated as secure or safe and perform actions such as reading or adding public content...
PT-2023-31930 · Misskey · Misskey
Name of the Vulnerable Software and Affected Versions: Misskey versions prior to 2023.12.1 Description: Misskey is an open source, decentralized social media platform. Third-party applications may be able to access some endpoints or Websocket APIs that are incorrectly specified without the user's...
curl: Buffer Overflow Vulnerability in WebSocket Handling
Vulnerability description not provided...
Weak Hashing Algorithm
bsock is vulnerable to a Weak Hashing Algorithm. The vulnerable is due to the libraries usage of weak hashing algorithm MD5, SHA1 within vendor\faye-websocket.js. This could allow an attacker to break the confidentiality of the websocket communication...
CVE-2023-48003
An open redirect through HTML injection in user messages in Asp.Net Zero before 12.3.0 allows remote attackers to redirect targeted victims to any URL via the 'meta http-equiv="refresh"' in the WebSocket messages...
CVE-2023-48003
An open redirect through HTML injection in user messages in Asp.Net Zero before 12.3.0 allows remote attackers to redirect targeted victims to any URL via the 'meta http-equiv="refresh"' in the WebSocket messages...
Open redirect
An open redirect through HTML injection in user messages in Asp.Net Zero before 12.3.0 allows remote attackers to redirect targeted victims to any URL via the 'meta http-equiv="refresh"' in the WebSocket messages...
CVE-2023-48003
An open redirect through HTML injection in user messages in Asp.Net Zero before 12.3.0 allows remote attackers to redirect targeted victims to any URL via the 'meta http-equiv="refresh"' in the WebSocket messages...
Asp.Net Zero Security Vulnerability
Asp.Net Zero is an open source web development framework. A security vulnerability exists in Asp.Net Zero versions prior to 12.3.0, which stems from messages being transmitted over websocket, and can be exploited by an attacker to inject HTML into a user's message, redirecting the intended victim...
Apache Pulsar WebSocket Proxy Denial of Service Vulnerability
Apache Pulsar is a U.S. Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as a distributed message flow platform. A denial of service vulnerability exists in Apache Pulsar WebSocket Proxy, which can be exploited by an attacker to cause a...
GHSA-JJ93-39PF-7MCF bsock uses weak hashing algorithms
An issue was discovered in the bsock component of bcoin-org bcoin that allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js...
CVE-2023-50475
An issue was discovered in bcoin-org bcoin version 2.2.0, allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js...
CVE-2023-50475
An issue was discovered in bcoin-org bcoin version 2.2.0, allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js...
PT-2023-31575 · Bcoin +1 · Bcoin +1
Name of the Vulnerable Software and Affected Versions: bcoin versions 2.2.0 Description: An issue was discovered that allows remote attackers to obtain sensitive information via weak hashing algorithms in the component vendorfaye-websocket.js. This issue affects the bsock component...
Bcoin Security Breach
Bcoin is an alternative implementation of the Bitcoin protocol open-sourced by Bcoin. A security vulnerability exists in Bcoin version 2.2.0, which stems from a vulnerability that allows remote attackers to obtain sensitive information via a weak hash algorithm in the component...
com.datastax.oss:pulsar-jms-filters (>=4.0.0 <=4.0.1), io.streamnative.oss:pulsar-jms-filters (=4.0.5) +8 more potentially affected by CVE-2023-37544 via org.apache.pulsar:pulsar-websocket (=3.0.0)
org.apache.pulsar:pulsar-websocket MAVEN version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-websocket and may be impacted: - com.datastax.oss:pulsar-jms-filters =4.0.0, =4.0.1 - io.streamnative.oss:pulsar-jms-filter...
com.clever-cloud:biscuit-pulsar (=3.2.1), com.github.shoothzj:test-pulsar (>=3.1.12 <=3.1.15) +12 more potentially affected by CVE-2023-37544 via org.apache.pulsar:pulsar-websocket (>=1.19.0-incubating <=2.10.4)
org.apache.pulsar:pulsar-websocket MAVEN version =1.19.0-incubating, =3.1.12, =0.0.1, =2.0.0-rc1-incubating, =1.19.0-incubating, =1.19.0-incubating, =2.10.0, =2.10.0, =2.0.0-rc1-incubating, =2.10.0, =2.10.0, =1.19.0-incubating, =1.0.0, =1.1.0 Source cves: CVE-2023-37544 Source advisory:...
io.github.embedded-middleware:embedded-pulsar-core (>=0.0.4 <=0.0.5), org.apache.pulsar:pulsar-broker (>=2.11.0 <=2.11.1) +7 more potentially affected by CVE-2023-37544 via org.apache.pulsar:pulsar-websocket (>=2.11.0 <=2.11.1)
org.apache.pulsar:pulsar-websocket MAVEN version =2.11.0, =0.0.4, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.1 Source cves: CVE-2023-37544 Source advisory: OSV:GHSA-83Q5-WHQP-R8JR...
GHSA-83Q5-WHQP-R8JR Apache Pulsar WebSocket Proxy contains an Improper Authentication vulnerability
Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy allows an attacker to connect to the /pingpong endpoint without authentication. This issue affects Apache Pulsar WebSocket Proxy: from 2.8.0 through 2.8., from 2.9.0 through 2.9., from 2.10.0 through 2.10.4, from 2.11.0 throug...
Apache Pulsar WebSocket Proxy contains an Improper Authentication vulnerability
Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy allows an attacker to connect to the /pingpong endpoint without authentication. This issue affects Apache Pulsar WebSocket Proxy: from 2.8.0 through 2.8., from 2.9.0 through 2.9., from 2.10.0 through 2.10.4, from 2.11.0 throug...