PT-2023-12449 · Unknown · Onlyoffice

Name of the Vulnerable Software and Affected Versions: ONLYOFFICE all versions as of 2021-11-08 Description: The issue is related to Incorrect Access Control, allowing an attacker to authenticate with the web socket service of the ONLYOFFICE document editor. This service is protected by JWT auth,...

CVE-2023-23602

The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...

Debian DSA-5322-1 : firefox-esr - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5322 advisory. - An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox DataTransfer.setData...

Denial Of Service (DoS)

mercurius is vulnerable to Denial of Service DoS attacks. A malicious user is able to cause an application crash via sending a malformed packet over WebSocket to /graphql resulting in Denial of Service...

CVE-2023-23602

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...

UBUNTU-CVE-2023-23602

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...

Mozilla Firefox ESR < 102.7

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 102.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-02 advisory. - Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and...

GHSA-CM8H-Q92V-XCFC mercurius has Uncaught Exception when using subscriptions

Impact Any users of Mercurius until version v11.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. Patches This was patched in https://github.com/mercurius-js/mercurius/pull/940. The patch was released as v11.5.0 and v8.13.2. Workarounds...

mercurius has Uncaught Exception when using subscriptions

Impact Any users of Mercurius until version v11.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. Patches This was patched in https://github.com/mercurius-js/mercurius/pull/940. The patch was released as v11.5.0 and v8.13.2. Workarounds...

CVE-2023-22477

Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. This issue was patched in 940. As a workaround, users can disable subscriptions...

Code injection

Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. This issue was patched in 940. As a workaround, users can disable subscriptions...

CVE-2023-22477 Mercurius is vulnerable to denial of service (DoS) when using subscriptions

Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. This issue was patched in 940. As a workaround, users can disable subscriptions...

CVE-2023-22477 Mercurius is vulnerable to denial of service (DoS) when using subscriptions

Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. This issue was patched in 940. As a workaround, users can disable subscriptions...

CVE-2023-22477 Mercurius is vulnerable to denial of service (DoS) when using subscriptions

Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. This issue was patched in 940. As a workaround, users can disable subscriptions...

Mercurius 安全漏洞

Mercurius is a GraphQL adapter Fastify. A security vulnerability exists in Mercurius versions prior to 10.5.0, which is caused by a denial of service attack when any user sends an incorrectly formatted packet to "/graphql" via WebSocket...

PT-2023-10141 · Lukehutch · Gribbit

Name of the Vulnerable Software and Affected Versions: lukehutch Gribbit affected versions not specified Description: A problematic issue was found in lukehutch Gribbit, affecting the messageReceived function of the file src/gribbit/request/HttpRequestHandler.java. This issue leads to missing...

PT-2023-18529 · Mercurius · Mercurius

Name of the Vulnerable Software and Affected Versions: Mercurius versions prior to 11.5.0 Description: Mercurius is a GraphQL adapter for Fastify. The issue allows for a denial of service attack by sending a malformed packet over WebSocket to "/graphql". This can affect any users of Mercurius...

CVE-2022-46181 Gotify server XSS vulnerability in the application image file upload

Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts if another user opened a link. The attacker cou...

CVE-2022-46181 Gotify server XSS vulnerability in the application image file upload

Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts if another user opened a link. The attacker cou...

PT-2022-9020 · Unknown · Destiny.Gg Chat

Name of the Vulnerable Software and Affected Versions: destiny.gg chat affected versions not specified Description: A vulnerability was found in the destiny.gg chat, affecting the function websocket.Upgrader of the file main.go. The manipulation leads to cross-site request forgery, and the attack...