5317 matches found
SUSE CVE-2019-11725
When a user navigates to a site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted, but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe resources and bypassing safebrowsing protections. This...
SUSE CVE-2020-7663
The websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...
SUSE CVE-2020-13543
A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability...
SUSE CVE-2020-13935
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of...
SUSE CVE-2021-21419
Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on the Eventlet side by sending very large websocket frames. A malicious peer may exhaust memory on the Eventlet side by sending a highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to...
SUSE CVE-2021-40516
WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebSocket frame that triggers an out-of-bounds read in plugins/relay/relay-websocket.c in the Relay plugin...
SUSE CVE-2021-42340
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was...
SUSE CVE-2022-37797
In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. This leads to a null pointer dereference which crashes the server. It could be used by an external attacker to cause a denial of service condition...
SUSE CVE-2023-23602
A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...
Security Bulletin: IBM CICS TX Standard is vulnerable to multiple vulnerabilities in Kubernetes.
Summary IBM CICS TX Standard is vulnerable to multiple vulnerabilities in Kubernetes. The fix removes these vulnerabilities from IBM CICS TX Standard. Vulnerability Details CVEID:CVE-2019-11250 DESCRIPTION: Kubernetes could allow a remote attacker to obtain sensitive information, caused by storin...
Malicious code in websocket-cclient (PyPI)
Source: checkmarx 3200072ca23fb3f9d041940f3e7bb0306e92c438c53c2d08cbb020c7879f835c Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with a malicious extension to manipulate clipboard and replace crypto wallet...
Malicious code in websocket-cliet (PyPI)
Source: checkmarx 06412b694edd65cdb47e2702e6629ceb27ac0ab4d17846860a687a380d14c94c Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with a malicious extension to manipulate clipboard and replace crypto wallet...
MAL-2023-2382 Malicious code in websocket-cclient (PyPI)
Source: checkmarx 3200072ca23fb3f9d041940f3e7bb0306e92c438c53c2d08cbb020c7879f835c Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with a malicious extension to manipulate clipboard and replace crypto wallet...
Malicious code in wbesocket-client (PyPI)
Source: checkmarx c6c60c6db0775d255cacd994abea177ff1e76ffe4a4342cce2b5b0c17861f481 Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with a malicious extension to manipulate clipboard and replace crypto wallet...
Malicious code in websocket-cllient (PyPI)
Source: checkmarx db7751b36861392ace123440141ea620167cf864cb8690f562a26d303f21245e Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with a malicious extension to manipulate clipboard and replace crypto wallet...
MAL-2023-2393 Malicious code in websocket-cllient (PyPI)
Source: checkmarx db7751b36861392ace123440141ea620167cf864cb8690f562a26d303f21245e Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with a malicious extension to manipulate clipboard and replace crypto wallet...
MAL-2023-2419 Malicious code in wwebsocket-client (PyPI)
Source: checkmarx c5641c17f0936710ba606db1f88a8a964d11f352cebacdcec2c1bf55889debfa Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with a malicious extension to manipulate clipboard and replace crypto wallet...
MAL-2023-2359 Malicious code in wbesocket-client (PyPI)
Source: checkmarx c6c60c6db0775d255cacd994abea177ff1e76ffe4a4342cce2b5b0c17861f481 Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with a malicious extension to manipulate clipboard and replace crypto wallet...
Malicious code in websockket-client (PyPI)
Source: checkmarx 210c20f938d130131433fb60e01dc785b9036b14dc1181a1c71839013e80b26c Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with a malicious extension to manipulate clipboard and replace crypto wallet...
Malicious code in websocket-lcient (PyPI)
Source: checkmarx 06fe78dfaf7de4fc0f3b80d29f70f2adfac22a5446be0781ebadd88b23a66f2f Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with a malicious extension to manipulate clipboard and replace crypto wallet...