
CNVD
added 2020/06/18 12:00 a.m., 2 views

LibVNCServer Buffer Overflow Vulnerability (CNVD-2020-36781)

LibVNCServer is a cross-platform C library that supports the implementation of VNC Virtual Network Computing server or client functionality in programs. A security vulnerability exists in the 'hybiReadAndDecode' function in the libvncserver/wsdecode.c file in versions of LibVNCServer prior to...

CVSS 7.5, AI score 9, EPSS 0.02593
Exploits 0, References 1
OSV
added 2020/06/17 4:15 p.m., 0 views

UBUNTU-CVE-2019-20840

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/wsdecode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode...

CVSS 7.5, AI score 7.1, EPSS 0.02593
Exploits 0, References 4
Check Point Advisories
added 2020/06/16 12:00 a.m., 3 views

Websocket Extensions Denial of Service (CVE-2020-7662; CVE-2020-7663)

A denial-of-service vulnerability exists in Websocket Extensions. Successful exploitation of this vulnerability could cause a denial-of-service condition...

CVSS 5, AI score 3.6, EPSS 0.04349
Exploits 2
RedhatCVE
added 2020/06/10 2:25 p.m., 33 views

CVE-2020-7663

A flaw was found in the websocket-extensions ruby module in versions prior to 0.1.5. The parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and another character. When abused by an...

CVSS 5, AI score 3.1, EPSS 0.04349
Exploits 1, References 4
Veracode
added 2020/06/08 9:22 a.m., 15 views

Information Disclosure

apollo-server-cloudflare is vulnerable to information leakage. Lack of validation rules enforcement during the subscription server creation with NoInstrospection rule for websockets exposes GraphQL schema types, their relations, human-readable names and many More information on the references...

AI score 1.1
Exploits 0
Node.js
added 2020/06/05 7:51 p.m., 18 views

Information Exposure

Overview Versions of apollo-server-koa prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoInstrospection rule for the Websocket. This leaks the GraphQL schema types, their relations...

AI score 6.7
Exploits 0, Affected Software 1
Node.js
added 2020/06/05 7:51 p.m., 17 views

Information Exposure

Overview Versions of apollo-server-hapi prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoInstrospection rule for the Websocket. This leaks the GraphQL schema types, their relations...

AI score 6.7
Exploits 0, Affected Software 1
Node.js
added 2020/06/05 7:50 p.m., 11 views

Information Exposure

Overview Versions of apollo-server-fastify prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoInstrospection rule for the Websocket. This leaks the GraphQL schema types, their...

AI score 6.7
Exploits 0, Affected Software 1
Node.js
added 2020/06/05 7:50 p.m., 15 views

Information Exposure

Overview Versions of apollo-server-cloud-functions prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, which includes a NoInstrospection rule for the Websocket. This leaks the GraphQL schema types, thei...

AI score 6.7
Exploits 0, Affected Software 1
Github Security Blog
added 2020/06/05 7:38 p.m., 167 views

Introspection in schema validation in Apollo Server

We encourage all users of Apollo Server to read this advisory in its entirety to understand the impact. The Resolution section contains details on patched versions. Impact If subscriptions: false is passed to the ApolloServer constructor options, there is no impact. If implementors were not...

Exploits 0, References 15, Affected Software 12
OSV
added 2020/06/05 4:16 p.m., 3 views

GHSA-G78M-2CHM-R7QV Regular Expression Denial of Service in websocket-extensions (NPM package)

Impact The ReDoS flaw allows an attacker to exhaust the server's capacity to process incoming requests by sending a WebSocket handshake request containing a header of the following form: Sec-WebSocket-Extensions: a; b="\c\c\c\c\c\c\c\c\c\c ... That is, a header containing an unclosed string...

CVSS 8.2, AI score 7.1, EPSS 0.02955
Exploits 1, References 6
Github Security Blog
added 2020/06/05 4:16 p.m., 91 views

Regular Expression Denial of Service in websocket-extensions (NPM package)

Impact The ReDoS flaw allows an attacker to exhaust the server's capacity to process incoming requests by sending a WebSocket handshake request containing a header of the following form: Sec-WebSocket-Extensions: a; b="\c\c\c\c\c\c\c\c\c\c ... That is, a header containing an unclosed string...

CVSS 7.5, AI score 1.7, EPSS 0.02955
Exploits 1, References 6, Affected Software 1
Github Security Blog
added 2020/06/05 2:21 p.m., 70 views

Regular Expression Denial of Service in websocket-extensions (RubyGem)

Impact The ReDoS flaw allows an attacker to exhaust the server's capacity to process incoming requests by sending a WebSocket handshake request containing a header of the following form: Sec-WebSocket-Extensions: a; b="\c\c\c\c\c\c\c\c\c\c ... That is, a header containing an unclosed string...

CVSS 7.5, AI score 7.4, EPSS 0.04349
Exploits 1, References 9, Affected Software 1
OSV
added 2020/06/05 2:21 p.m., 30 views

GHSA-G6WQ-QCWM-J5G2 Regular Expression Denial of Service in websocket-extensions (RubyGem)

Impact The ReDoS flaw allows an attacker to exhaust the server's capacity to process incoming requests by sending a WebSocket handshake request containing a header of the following form: Sec-WebSocket-Extensions: a; b="\c\c\c\c\c\c\c\c\c\c ... That is, a header containing an unclosed string...

CVSS 8.2, AI score 7.4, EPSS 0.04349
Exploits 1, References 9
RubySec
added 2020/06/05 12:00 a.m., 20 views

Regular Expression Denial of Service in websocket-extensions (RubyGem)

Impact The ReDoS flaw allows an attacker to exhaust the server's capacity to process incoming requests by sending a WebSocket handshake request containing a header of the following form: Sec-WebSocket-Extensions: a; b="\c\c\c\c\c\c\c\c\c\c ... That is, a header containing an unclosed string...

CVSS 7.5, AI score 6.7, EPSS 0.04349
Exploits 1, References 1, Affected Software 1
Tenable Nessus
added 2020/06/04 12:00 a.m., 38 views

FreeBSD : websocket-extensions -- ReDoS vulnerability (ca8327f7-a5a5-11ea-a860-08002728f74c)

Changelog: Remove a ReDoS vulnerability in the header parser CVE-2020-7663 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright 2003-2020 Jacques Vidrine and contributors Redistribution and use in sourc...

CVSS 7.5, AI score 7.7, EPSS 0.04349
Exploits 1, References 4
Veracode
added 2020/06/03 3:38 a.m., 25 views

Regular Expression Denial Of Service (ReDoS)

websocket-extensions is vulnerable to regular expression denial of service (ReDoS). The vulnerability exists in the regular expression used to parse quotes, allowing an unclosed string parameter value, of a repeating two-byte sequence of a backslash and another character, to parse in quadratic time...

CVSS 7.5, AI score 5.1, EPSS 0.04349
Exploits 1, References 5, Affected Software 243
Veracode
added 2020/06/03 2:15 a.m., 26 views

Regular Expression Denial Of Service (ReDoS)

websocket-extensions is vulnerable to regular expression denial of service (ReDoS). Regex backtracking is introduced by the way the parser processes the Sec-WebSocket-Extensions header, using up quadratic time in a single-threaded server when an unclosed string parameter with repeating two-by...

CVSS 7.5, AI score 3.9, EPSS 0.02955
Exploits 1, References 4, Affected Software 2
CNVD
added 2020/06/03 12:00 a.m., 5 views

websocket-extensions denial of service vulnerability

websocket-extensions is an open source WebSocket generic extension manager. A security vulnerability exists in websocket-extensions npm versions prior to 1.0.4. An attacker can exploit this vulnerability to cause a denial of service with the Sec-WebSocket-Extensions header...

CVSS 7.5, AI score 8, EPSS 0.02955
Exploits 1, References 1
OSV
added 2020/06/02 7:15 p.m., 25 views

CVE-2020-7662

websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...

CVSS 7.5, AI score 6.9
Exploits 0, References 4