Mellium Security Vulnerability
Mellium is a feature that provides functionality from the Extensible Messaging and Presence Protocol. Mellium suffers from a security vulnerability that could be exploited by an attacker to redirect WebSocket connection requests to a server under their control without causing TLS certificate...
PT-2022-17018 · Mellium · Mellium
Name of the Vulnerable Software and Affected Versions: Mellium mellium.im/xmpp versions 0.21.0 and earlier. Description: An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail...
AlmaLinux 8 : libvncserver (ALSA-2020:3385)
The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2020:3385 advisory. - It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by...
GHSA-M7JV-HQ7H-MQ7C Infinite Loop in Apache Tomcat
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of...
Infinite Loop in Apache Tomcat
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of...
USN-5258-1 weechat vulnerabilities
Stuart Nevans Locke discovered that WeeChat's relay plugin insecurely handled malformed websocket frames. A remote attacker in control of a server could possibly use this issue to cause denial of service in a client. CVE-2021-40516 Stuart Nevans Locke discovered that WeeChat insecurely handled...
Mageia: Security Advisory (MGASA-2019-0213)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2015-0010)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2013-0168)
The remote host is missing an update for the...
CVE-2021-46498
Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsiwswebsocketObjFree in src/jsiWebSocket.c. This vulnerability can lead to a Denial of Service (DoS)...
Unspecified Vulnerability in Mitsubishi Electric MC Works64
Mitsubishi Electric MC Works64 is a data acquisition and monitoring (SCADA) system from Mitsubishi Electric (Japan). A security vulnerability exists in Mitsubishi Electric MC Works64 that originates in ICONICS and the Mitsubishi Electric ICONICS product suite, where the FrameWorX server in the...
CVE-2022-23128
Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A (10.95.201.23) to 4.04E (10.95.210.01), ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI...
Mitsubishi Electric MC Works64 Security Vulnerability
Mitsubishi Electric MC Works64 is a data acquisition and monitoring (SCADA) system from Mitsubishi Electric (Japan). A security vulnerability exists in Mitsubishi Electric MC Works64 that originates in ICONICS and the Mitsubishi Electric ICONICS product suite, where the FrameWorX server in the...
Security Bulletin: CVE-2021-42340 Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections.
Summary Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket connections. By sending a specially-crafted request using OutOfMemoryError, a remote attacker could exploit this vulnerability to cause a denial of service condition. Vulnerability Details CVEID:...
PT-2022-4676 · Libexpat +2 · Libexpat +2
Name of the Vulnerable Software and Affected Versions: Prosody (affected versions not specified). Description: The issue is related to the implementation of the WebSocket server module for Jabber/XMPP in Prosody, which is associated with incorrect restriction of XML links to external objects. This c...
Uncaught Exception in engine.io
Impact A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. RangeError: Invalid WebSocket frame: RSV2 and RSV3 must be clear at Receiver.getInfo /.../nodemodules/ws/lib/receiver.js:176:14 at Receiver.startLoop...
GHSA-7W54-GP8X-F33M Potential exposure of tokens to an Unauthorized Actor
Impact When using this library as a way to programmatically communicate with Replit in a standalone fashion, if there are multiple failed attempts to contact Replit through a WebSocket, the library will attempt to communicate using a fallback poll-based proxy. The URL of the proxy has changed, so...
Potential exposure of tokens to an Unauthorized Actor
Impact When using this library as a way to programmatically communicate with Replit in a standalone fashion, if there are multiple failed attempts to contact Replit through a WebSocket, the library will attempt to communicate using a fallback poll-based proxy. The URL of the proxy has changed, so...