5292 matches found
PT-2021-2553 · Cisco · Cisco IOS XE
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified). Description: A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site WebSocket hijacking (CSWSH) attack and cau...
Fedora: Security Advisory for python-aiohttp (FEDORA-2021-902c1b07c9)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
[SECURITY] Fedora 34 Update: python-aiohttp-3.7.4-1.fc34
Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...
JFrog < 7.7.0 Multiple Vulnerabilities
According to its self-reported version number, the version of JFrog Artifactory installed on the remote host is prior to 7.7.0. It is, therefore, affected by multiple vulnerabilities: - An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did no...
NewStart CGSL MAIN 6.02 : libvncserver Vulnerability (NS-SA-2021-0050)
The remote NewStart CGSL host, running version MAIN 6.02, has libvncserver packages installed that are affected by a vulnerability: - It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by...
NewStart CGSL CORE 5.04 / MAIN 5.04 : tomcat Multiple Vulnerabilities (NS-SA-2021-0028)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has tomcat packages installed that are affected by multiple vulnerabilities: - When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacke...
NewStart CGSL CORE 5.04 / MAIN 5.04 : libvncserver Vulnerability (NS-SA-2021-0005)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libvncserver packages installed that are affected by a vulnerability: - It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploi...
NewStart CGSL MAIN 6.02 : qt5-qtwebsockets Vulnerability (NS-SA-2021-0085)
The remote NewStart CGSL host, running version MAIN 6.02, has qt5-qtwebsockets packages installed that are affected by a vulnerability: - In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier...
Fedora: Security Advisory for python-aiohttp (FEDORA-2021-673b10ed77)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
CVE-2020-11050
In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update
Red Hat OpenShift Container Platform release 4.7.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
DEBIAN-CVE-2021-21157
Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Apache MyFaces 2.x Cross Site Request Forgery Vulnerability
PRODUCT : Apache MyFaces VENDOR : The Apache Software Foundation SEVERITY : High AFFECTED VERSION : =2.2.13, =2.3.7, =2.3-next-M4, =2.1 branches IDENTIFIERS : CVE-2021-26296 PATCH VERSION : 2.2.14, 2.3.8, 2.3-next-M5, 3.0.0 FOUND BY : Wolfgang Ettlinger, Certitude Lab Introduction ------------...
Apache MyFaces 2.x Cross Site Request Forgery
Certitude Security Advisory - CSA-2021-001 PRODUCT : Apache MyFaces VENDOR : The Apache Software Foundation SEVERITY : High AFFECTED VERSION : =2.2.13, =2.3.7, =2.3-next-M4, =2.1 branches IDENTIFIERS : CVE-2021-26296 PATCH VERSION : 2.2.14, 2.3.8, 2.3-next-M5, 3.0.0 FOUND BY : Wolfgang Ettlinger,...
A vulnerability in the WebSocket implementation of the Google Chrome web browser allows an attacker to gain unauthorized access to protected information.
The vulnerability in the Google Chrome web browser's WebSocket implementation is a use of memory after it has been freed. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...
Nextcloud: bypassing dashboard without account + Information disclosure through websockets
Summary: I found an information disclosure for bypassing parameter url attacker can redirect to dashboard without login user/pass page and websocket can be exposed in response/dashboard. URL Affected: https://support.nextcloud.com/passwordreset Steps To Reproduce: Opened directory at...
CVE-2021-22976
On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU...
Code injection
On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU...
CVE-2021-22976
The CVE-2021-22976 issue affects F5 BIG-IP products with Advanced WAF/ASM. When the ASM system processes WebSocket requests containing JSON payloads, an unusually large number of parameters can cause excessive CPU usage in the bd process, potentially impacting request processing latency. Affected...
CVE-2021-22976
On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU...