5277 matches found
CVE-2019-20801
CVE-2019-20801 affects the Readdle Documents iOS app up to version 6.9.7. The file-transfer web server allows cross-origin requests from any domain, and the WebSocket server lacks authorization control, enabling any website to execute JavaScript that can access a user’s data via cross-origin requ...
PlayStation: Websites Can Run Arbitrary Code on Machines Running the 'PlayStation Now' Application
Summary: The PlayStation Now application version 11.0.2 is vulnerable to remote code execution (RCE). Any website loaded in any browser on the same machine can run arbitrary code on the machine through a vulnerable websocket connection. 1. The local websocket server at localhost:1235 does not check...
GHSA-GW55-JM4H-X339 Improper Validation of Certificate with Host Mismatch in Java-WebSocket
The Java-WebSocket Client does not perform hostname verification. This means that SSL certificates of other hosts are accepted as long as they are trusted. To exploit this vulnerability an attacker has to perform a man-in-the-middle (MITM) attack between a Java application using the Java-WebSocke...
Improper Validation of Certificate with Host Mismatch in Java-WebSocket
The Java-WebSocket Client does not perform hostname verification. This means that SSL certificates of other hosts are accepted as long as they are trusted. To exploit this vulnerability an attacker has to perform a man-in-the-middle (MITM) attack between a Java application using the Java-WebSocke...
Man-in-the-Middle (MitM)
Java-WebSocket is vulnerable to Man-in-the-Middle (MitM). The SSL hostname validation is not enabled by default, allowing an attacker to perform a man-in-the-middle attack to intercept and modify network traffic...
Java-WebSocket Trust Management Issue Vulnerability
Java-WebSocket is a WebSocket client and server implementation written in Java. A security vulnerability exists in Java-WebSocket 1.4.1 and earlier versions that stems from WebSocketClient failing to validate SSL hostnames. No details of the vulnerability are provided at this time...
CVE-2020-11050
In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0...
Input validation
In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0...
CVE-2020-11050 Improper Validation of Certificate with Host Mismatch in Java-WebSocket
In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0...
CVE-2020-11050
The CVE-2020-11050 vulnerability affects Java-WebSocket
EulerOS Virtualization for ARM 64 3.0.2.0 : libsoup (EulerOS-SA-2020-1543)
According to the version of the libsoup package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: - WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in...
Huawei EulerOS: Security Advisory for libsoup (EulerOS-SA-2020-1543)
The remote host is missing an update for the Huawei EulerOS...
Nuri: GraphQL introspection query works through unauthenticated WebSocket
Summary: It is possible to execute a GraphQL introspection query through an unauthenticated WebSocket connection. PoC included. Steps To Reproduce: To simplify reproducing, I provided a simple HTML PoC file. 1. Start a Python static HTTP server in the directory with the PoC file: python3 -m http.server this step...
Critical: Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container
Red Hat Ansible Tower 3.6.4-1 - RHEL7 Container. Added additional metrics to the Prometheus /api/v2/metrics/ endpoint for reporting remaining instance capacity. Fixed Tower to allow users to subscribe to playbook output in organizations they do not have RBAC access to via Tower's websocket interface...
GitHub Security Lab: Initial websocket support for Javascript (SockJS)
This bug was reported directly to GitHub Security Lab...
Ascensio System ONLYOFFICE Document Server SQL Injection Vulnerability
Ascensio System ONLYOFFICE Document Server is an online office collaboration suite from Ascensio System, Latvia. The product supports viewing and editing of text, spreadsheets and presentations, among others. A SQL injection vulnerability exists in Ascensio System ONLYOFFICE Document Server versi...
CVE-2020-11537
A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API...
SQL injection
A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API...