PT-2023-28152 · Unknown · Home-Assistant-Js-Websocket +1
Name of the Vulnerable Software and Affected Versions: Home Assistant Core versions prior to 2023.8.0; home-assistant-js-websocket versions prior to 8.2.0. Description: The issue concerns an open-source home automation system where the WebSocket authentication logic is vulnerable to exploitation...
Home Assistant Security Breach
Home Assistant is an open-source home automation management system, used primarily to control home automation devices. A security vulnerability exists in Home Assistant versions prior to 2023.8.0 that allows an attacker to create a malicious link...
Bykea: Exposed trip_no in WebSocket Responses Leading to Excessive information Disclosure
The vulnerability in Bykea's WebSocket implementation was that the trip_no identifier was exposed to drivers before a bid was accepted. This identifier could be used to access customer tracking URLs, revealing excessive customer information to unauthorized drivers. The issue was resolved b...
Fedora: Security Advisory for rust-tokio-tungstenite (FEDORA-2023-9c4142423a)
The remote host is missing an update for the...
Fedora: Security Advisory for rust-tungstenite (FEDORA-2023-9c4142423a)
The remote host is missing an update for the...
[SECURITY] Fedora 38 Update: rust-tokio-tungstenite-0.20.1-1.fc38
Tokio binding for Tungstenite, the Lightweight stream-based WebSocket implementation...
[SECURITY] Fedora 37 Update: rust-tungstenite-0.20.1-1.fc37
Lightweight stream-based WebSocket implementation...
[SECURITY] Fedora 37 Update: rust-tokio-tungstenite-0.20.1-1.fc37
Tokio binding for Tungstenite, the Lightweight stream-based WebSocket implementation...
Fedora: Security Advisory (FEDORA-2023-91a66898d2)
The remote host is missing an update for the...
[SECURITY] Fedora 39 Update: rust-tungstenite-0.20.1-1.fc39
Lightweight stream-based WebSocket implementation...
[SECURITY] Fedora 39 Update: rust-tokio-tungstenite-0.20.1-1.fc39
Tokio binding for Tungstenite, the Lightweight stream-based WebSocket implementation...
Amazon Linux 2 : tomcat (ALASTOMCAT9-2023-008)
The version of tomcat installed on the remote host is prior to 9.0.73-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2023-008 advisory. A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker...
Important: tomcat
Issue Overview: A memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection does not release for WebSocket connections once the WebSocket connection is closed. If a sufficient number of such requests are made, an OutOfMemoryError occurs, leading to a denial of service. The...
Important: tomcat
Issue Overview: A memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection does not release for WebSocket connections once the WebSocket connection is closed. If a sufficient number of such requests are made, an OutOfMemoryError occurs, leading to a denial of service. The...
Important: tomcat
Issue Overview: A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could...
Important: tomcat
Issue Overview: A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could...
CVE-2023-43669
The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount...
Fedora: Security Advisory for rubygem-actioncable (FEDORA-2023-4f0bb4ff5e)
The remote host is missing an update for the...
[SECURITY] Fedora 39 Update: rubygem-actioncable-7.0.7.2-1.fc39
Structure many real-time application concerns into channels over a single WebSocket connection...
CVE-2023-2848
Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation...