5288 matches found
Heap overflow
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow...
CVE-2017-18922
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow...
UBUNTU-CVE-2017-18922
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow...
CVE-2017-18922
CVE-2017-18922: LibVNCServer’s websockets.c (prior to 0.9.12) is affected; multiple advisories report that malformed WebSocket frames can trigger a heap-based buffer overflow. The connected Nessus entries confirm affected packages across various distros (e.g., MiracleLinux, Alibaba Cloud Linux, ...
Unspecified Vulnerability in Mattermost Server
Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in the WebSocket functionality in Mattermost Server versions prior to 3.6.2, which stems from the program not following the same-origin policy. No details of the...
Unspecified Vulnerability in Mattermost Server (CNVD-2020-35455)
Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 3.3.0. An attacker could exploit the vulnerability by using the WebSocket feature to send a pop-up message to a user or change...
CVE-2017-18920
An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy...
CVE-2016-11065
An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance...
Design/Logic Flaw
An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy...
Design/Logic Flaw
An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance...
CVE-2016-11065
Mattermost Server before 3.3.0 is affected. The vulnerability stems from the WebSocket feature allowing an attacker to send pop-up messages to users or alter a post’s appearance. The descriptions across connected documents confirm the affected software and the underlying impact, but do not specif...
CVE-2017-18920
Mattermost Server ≤ 3.6.1 suffers a Same Origin Policy weakness in the WebSocket feature. The vulnerability context is limited to Mattermost Server prior to version 3.6.2; no exploitation details are provided in the sources. Mitigation guidance (from publicly available references) is to upgrade t...
CVE-2018-21260
An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. WebSocket events were accidentally sent during certain user-management operations, violating user privacy...
Code injection
An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. WebSocket events were accidentally sent during certain user-management operations, violating user privacy...
CVE-2018-21260
CVE-2018-21260 affects Mattermost Server versions before 4.8.1, 4.7.4, and 4.6.3. The issue arises from WebSocket events being accidentally sent during certain user-management operations, leading to potential user-privacy disclosure. The available documents confirm the vulnerable component (Matte...