Security Bulletin: Improper Authentication of Websocket Endpoint in IBM Spectrum Protect Operations Center
Summary Improper authentication of a websocket endpoint in IBM Spectrum Protect Operations Center could allow a remote attacker to obtain sensitive information. Vulnerability Details CVEID: CVE-2020-4771 DESCRIPTION: IBM Spectrum Protect Operations Center could allow a remote attacker to obtain...
CVE-2020-4771
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10 and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could...
Authentication flaw
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10 and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could...
CVE-2020-4771
IBM Spectrum Protect Operations Center contains a vulnerability (CVE-2020-4771) where improper authentication of a websocket endpoint could allow a remote attacker to obtain sensitive information by subscribing to the websocket event stream. Affected versions are IBM Spectrum Protect Operations C...
IBM Spectrum Protect Operations Center Information Disclosure Vulnerability (CNVD-2020-67638)
IBM Spectrum Protect Operations Center is software from IBM (USA) that provides visual control for IBM Spectrum Protect environments. IBM Spectrum Protect Operations Center suffers from a sensitive information disclosure vulnerability caused by a failure to properly authenticate a websocket...
IBM Spectrum Protect Operations Center Authorization Issue Vulnerability
IBM Spectrum Protect Operations Center is software from IBM (USA) that provides visual control for IBM Spectrum Protect environments. IBM Spectrum Protect Operations Center suffers from a sensitive information disclosure vulnerability caused by a failure to properly authenticate a websocket...
Security Bulletin: CVE-2020-13935 The payload length in a WebSocket frame was not correctly validated
Summary The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a...
tomcat: request mixup
A flaw was found in the tomcat package. When a web application sends a WebSocket message concurrently with the WebSocket connection closing, the application may continue to use the socket after it has been closed. In this case, the error handling triggered could cause the pooled object to be plac...
Moderate: Red Hat Security Advisory: qt5-qtbase and qt5-qtwebsockets security and bug fix update
An update for qt5-qtbase, qt5-qttools, and qt5-qtwebsockets is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2020-2401)
The remote host is missing an update for the Huawei EulerOS...
Moderate: qt5-qtbase and qt5-qtwebsockets security and bug fix update
Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fixes: qt: XML entity expansion vulnerability (CVE-2015-9541); qt5-qtwebsockets: websocket implementation allows only limited size for frames and...
ALSA-2020:4690 Moderate: qt5-qtbase and qt5-qtwebsockets security and bug fix update
Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fixes: qt: XML entity expansion vulnerability (CVE-2015-9541); qt5-qtwebsockets: websocket implementation allows only limited size for frames and...
RLSA-2020:4690 Moderate: qt5-qtbase and qt5-qtwebsockets security and bug fix update
Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. Security Fixes: qt: XML entity expansion vulnerability (CVE-2015-9541); qt5-qtwebsockets: websocket implementation allows only limited size for frames and...
EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2020-2401)
According to the version of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 an...
Exploit for Infinite Loop in Apache Tomcat
Exploit for WebSocket Vulnerability in Apache Tomcat CVE-2020...
Shopify: Staff with no permissions can listen to Shopify Ping conversations by registering to its different WebSocket Events
By registering to a few different Shopify Ping Websocket Events on the wss://argus.shopifycloud.com/graphql?shopid=id endpoint, a staff without any permission can listen to conversations with customers. Steps to reproduce 1. With a staff that doesn't have any permissions, log in to the shop admin ...
Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2020-2274)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP5 : tomcat (EulerOS-SA-2020-2274)
According to the version of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 an...
CVE-2020-5931
On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, Virtual servers with a OneConnect profile may incorrectly handle WebSockets related HTTP response headers, causing TMM to restart...