CVE-2020-24548
The CVE-2020-24548 entry concerns Ericom Access Server 9.2.0 (AccessNow and Ericom Blaze). A Server-Side Request Forgery (SSRF) vulnerability enables the server to initiate outbound WebSocket connections to arbitrary TCP ports. The issue is evidenced by the application providing a generic “Cannot...
CVE-2020-24548
Ericom Access Server 9.2.0 for AccessNow and Ericom Blaze allows SSRF to make outbound WebSocket connection requests on arbitrary TCP ports, and provides "Cannot connect to" error messages to inform the attacker about closed ports...
Debian: Security Advisory (DLA-2334-1)
The remote host is missing an update for the Debian 'ruby-websocket-extensions' package(s) announced via the DLA-2334-1 advisory.
Debian DLA-2334-1 : ruby-websocket-extensions security update
It was discovered that there was a denial of service vulnerability in ruby-websocket-extensions, a library for managing long-lived HTTP 'WebSocket' connections. The parser took quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte...
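The following is an added illustration of the parsing problem this advisory describes; it is not the ruby-websocket-extensions library's own code. A constructed, unanchored quoted-string regex is retried from every later quote byte when the value is never closed, so an input made of repeated backslash-quote pairs costs roughly n starts times O(n) work each, while a single-pass scanner for the Sec-WebSocket-Extensions grammar (RFC 6455 section 9.1) examines each byte once and rejects the unclosed value at end of input. The regex, the function names and the sample headers are assumptions made for this example.

```ruby
require 'benchmark'

# Constructed quoted-string regex, unanchored: on an unclosed value the engine
# fails from the first '"', then retries from every later '"' byte, rescanning
# the remainder each time. n candidate starts x O(n) work each = O(n^2).
QUOTED_RE = /"(?:\\.|[^"\\])*"/

def regex_has_quoted_value?(header)
  !(header =~ QUOTED_RE).nil?
end

# Time the regex on n and 2n backslash-quote pairs. On a plain backtracking
# engine the ratio is close to 4; it is returned, not asserted, because it
# depends on the interpreter's regex engine.
def quadratic_growth_ratio(n = 2000)
  small = 'x; p="' + ('\\"' * n)
  large = 'x; p="' + ('\\"' * (2 * n))
  t1 = Benchmark.realtime { regex_has_quoted_value?(small) }
  t2 = Benchmark.realtime { regex_has_quoted_value?(large) }
  t2 / t1
end

# Hand-written single-pass parser for the RFC 6455 section 9.1 grammar:
#   extension-list = extension *("," extension)
#   extension      = token *(";" param)
#   param          = token ["=" (token | quoted-string)]
# Returns [[name, {param => value_or_true}], ...]; raises ArgumentError on
# malformed input, including an unclosed quoted-string, after one pass.
TOKEN_CHAR = /\A[!\#\$%&'*+\-.^_`|~0-9A-Za-z]\z/

def parse_extensions(header)
  return [] if header.nil? || header.strip.empty?
  s = header
  pos = 0
  skip_ws = -> { pos += 1 while pos < s.length && (s[pos] == ' ' || s[pos] == "\t") }
  read_token = lambda do
    start = pos
    pos += 1 while pos < s.length && s[pos] =~ TOKEN_CHAR
    raise ArgumentError, "expected token at offset #{start}" if pos == start
    s[start...pos]
  end
  read_quoted = lambda do
    pos += 1 # opening quote
    out = +''
    loop do
      raise ArgumentError, 'unclosed quoted-string' if pos >= s.length
      c = s[pos]
      if c == '\\'
        raise ArgumentError, 'dangling backslash' if pos + 1 >= s.length
        out << s[pos + 1]
        pos += 2
      elsif c == '"'
        pos += 1
        break
      else
        out << c
        pos += 1
      end
    end
    out
  end

  exts = []
  loop do
    skip_ws.call
    name = read_token.call
    params = {}
    skip_ws.call
    while pos < s.length && s[pos] == ';'
      pos += 1
      skip_ws.call
      key = read_token.call
      skip_ws.call
      if pos < s.length && s[pos] == '='
        pos += 1
        skip_ws.call
        params[key] = s[pos] == '"' ? read_quoted.call : read_token.call
      else
        params[key] = true
      end
      skip_ws.call
    end
    exts << [name, params]
    break if pos >= s.length
    raise ArgumentError, "unexpected #{s[pos].inspect} at offset #{pos}" unless s[pos] == ','
    pos += 1
  end
  exts
end

# Constructed header of the shape the advisory names: an unclosed quoted value
# consisting of a repeated two-byte backslash + character sequence.
MALICIOUS_HEADER = 'permessage-deflate; server_max_window_bits="' + ('\\"' * 5000)

if __FILE__ == $PROGRAM_NAME
  puts "regex time ratio for 2x input: #{quadratic_growth_ratio.round(1)}"
  begin
    parse_extensions(MALICIOUS_HEADER)
  rescue ArgumentError => e
    puts "linear parser rejected: #{e.message}"
  end
end
```

The scanner is the shape of fix that removes this class of bug: the cost is bounded by the header length regardless of content, so a single-threaded server cannot be pinned by one request. Capping the accepted header length before parsing is still worth doing, since even a linear parser is work the attacker chooses.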
[SECURITY] [DLA 2334-1] ruby-websocket-extensions security update
Debian LTS Advisory DLA-2334-1 https://www.debian.org/lts/security/ Chris Lamb August 19, 2020 https://wiki.debian.org/LTS...
DLA-2334-1 ruby-websocket-extensions - security update
MGASA-2020-0331 Updated tomcat packages fix security vulnerability
A specially crafted sequence of HTTP/2 requests could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive (CVE-2020-11996). An h2c direct connection did not release the HTTP/1.1 processo...
Important: Red Hat Security Advisory: libvncserver security update
An update for libvncserver is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...
libvncserver: websocket decoding buffer overflow
A flaw was found in libvncserver. A heap-based buffer overflow within the websocket decoding functionality is possible, which an attacker can exploit to overwrite a function pointer. The highest threat from this vulnerability is to data confidentiality and integrity as we...
Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM Platform Symphony
Summary This interim fix provides instructions on upgrading Apache Tomcat to v8.5.57 in IBM Platform Symphony 7.1 Fix Pack 1 in order to address security vulnerabilities CVE-2020-9484, CVE-2020-11996, CVE-2020-13934, and CVE-2020-13935 in Apache Tomcat. Vulnerability Details CVEID: CVE-2020-13934...
Oracle Linux 8 : libvncserver (ELSA-2020-3385)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-3385 advisory. Changelog: 0.9.11-15.1: Fix NVR (Related: 1852356); 0.9.11-15: Fix CVE-2017-18922 (Resolves: 1852356). Tenable has extracted the preceding description block directly from the...
Important: Red Hat Security Advisory: libvncserver security update
An update for libvncserver is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Important: libvncserver security update
LibVNCServer is a C library that enables you to implement VNC server functionality into own programs. Security Fixes: libvncserver: websocket decoding buffer overflow (CVE-2017-18922). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS
A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to...
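Added example, written in Ruby for this page and not taken from Tomcat or libvncserver, of the check that both this entry and the libvncserver websocket-decoding entry above turn on: validating the RFC 6455 frame payload-length field before it sizes a buffer or drives a loop. It also shows what the same bytes look like when read into a signed 64-bit integer, which is how an unvalidated length turns negative. The MAX_PAYLOAD limit, the helper names and the sample frames are assumptions made for this example; masked payloads are returned as on the wire, without unmasking.

```ruby
# Constructed per-connection limit; real servers make this configurable.
MAX_PAYLOAD = 1 << 20

# Parses an RFC 6455 frame header from the start of `bytes`.
# Returns { fin:, opcode:, masked:, length:, header_size: } or raises
# ArgumentError before any buffer is sized or loop is driven by `length`.
def parse_frame_header(bytes, max_payload: MAX_PAYLOAD)
  raise ArgumentError, 'short header' if bytes.bytesize < 2
  b0, b1 = bytes.unpack('CC')
  raise ArgumentError, 'RSV bits set without a negotiated extension' if (b0 & 0x70) != 0
  fin    = (b0 & 0x80) != 0
  opcode = b0 & 0x0F
  masked = (b1 & 0x80) != 0
  len7   = b1 & 0x7F
  header = 2
  case len7
  when 0..125
    length = len7
  when 126
    raise ArgumentError, 'short 16-bit length' if bytes.bytesize < 4
    length = bytes.unpack1('@2n')            # unsigned 16-bit, big-endian
    # RFC 6455 5.2: the minimal encoding MUST be used
    raise ArgumentError, 'non-minimal 16-bit length' if length < 126
    header = 4
  else # 127
    raise ArgumentError, 'short 64-bit length' if bytes.bytesize < 10
    length = bytes.unpack1('@2Q>')           # unsigned 64-bit, big-endian
    # RFC 6455 5.2: the most significant bit MUST be 0. Read into a signed
    # 64-bit integer (see signed_length_read) the same bytes go negative.
    raise ArgumentError, 'payload length MSB set' if length >= (1 << 63)
    raise ArgumentError, 'non-minimal 64-bit length' if length < 65_536
    header = 10
  end
  if opcode >= 0x8 # control frames
    raise ArgumentError, 'control frame payload > 125' if length > 125
    raise ArgumentError, 'fragmented control frame' unless fin
  end
  raise ArgumentError, "payload #{length} exceeds limit #{max_payload}" if length > max_payload
  header += 4 if masked # 4-byte masking key follows the length
  { fin: fin, opcode: opcode, masked: masked, length: length, header_size: header }
end

# What a decoder that stores the 64-bit length in a signed integer sees.
def signed_length_read(bytes)
  bytes.unpack1('@2q>')
end

# Walks a byte stream frame by frame: the loop a bogus length can wedge.
# Unchecked, a negative length never advances `offset` and a huge length
# makes the next buffer attacker-sized; here the header check runs first.
def split_frames(stream, max_payload: MAX_PAYLOAD)
  frames = []
  offset = 0
  while offset < stream.bytesize
    h = parse_frame_header(stream.byteslice(offset..-1), max_payload: max_payload)
    total = h[:header_size] + h[:length]
    raise ArgumentError, 'truncated frame' if offset + total > stream.bytesize
    frames << h.merge(payload: stream.byteslice(offset + h[:header_size], h[:length]))
    offset += total
  end
  frames
end

# Constructed frames: a 5-byte unmasked text frame, and a frame whose 64-bit
# length field is 0xFFFFFFFFFFFFFFFF (most significant bit set).
TEXT_FRAME  = [0x81, 0x05].pack('C*') + 'hello'
BOGUS_FRAME = [0x82, 0x7F].pack('C*') + [0xFFFFFFFFFFFFFFFF].pack('Q>')

if __FILE__ == $PROGRAM_NAME
  puts "signed read of bogus length: #{signed_length_read(BOGUS_FRAME)}"
  begin
    split_frames(TEXT_FRAME + BOGUS_FRAME)
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

The order of the checks matters: the MSB and minimal-encoding tests are pure header validation and cost nothing, so they run before the application limit, and all of them run before the parser touches the payload. Unmasked frames from a client should additionally be rejected by a server (RFC 6455 5.1); that check is left out here so the constructed frames stay short.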
RHEL 8 : libvncserver (RHSA-2020:3385)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3385 advisory. LibVNCServer is a C library that enables you to implement VNC server functionality into own programs. Security Fixes: libvncserver: websocket decodin...
File Upload Vulnerability in WeLive Online Customer Service System of Beijing Wein Software
The WeLive customer service system uses WebSocket communication technology and is developed in PHP; it does not depend on an official server. It supports full-duplex communication between the client browser and the remote host, that is, it allows the server to actively push information to the client,...
CentOS: Security Advisory for libvncserver (CESA-2020:3281)
The remote host is missing an update for the 'libvncserver' package(s) announced via the CESA-2020:3281 advisory.