Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET)
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548...
Core: AspNetCoreModule WebSocket DOS
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.2, ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0564...
Moderate: Red Hat Security Advisory: .NET Core on Red Hat Enterprise Linux security update
Updates for rh-dotnet21-dotnet and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,...
Apache 2.4.x < 2.4.16 Multiple Vulnerabilities
According to its banner, the version of Apache 2.4.x installed on the remote host is prior to 2.4.16. It is, therefore, affected by the following vulnerabilities: - A flaw exists in the lua_websocket_read function in the 'mod_lua' module due to incorrect handling of WebSocket PING frames. A remote...
Missing Origin Validation in webpack-dev-server
Versions of webpack-dev-server before 3.1.10 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) are not validated...
GHSA-CF66-XWFP-GVC4 Missing Origin Validation in webpack-dev-server
Versions of webpack-dev-server before 3.1.10 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) are not validated...
The vulnerability of the Logitech Options peripheral control utility allows a hacker to execute arbitrary commands.
The vulnerability of the Logitech Options peripheral control utility lies in the lack of restrictions on the number of authentication attempts made through the WebSocket server. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially crafted web page...
Logitech Options < 7.10.3 Remote Command Execution Vulnerability - Windows
Logitech Options is prone to a remote command execution (RCE) vulnerability.
Razer Cortex Debugger Remote Command Execution Vulnerability
Razer Cortex has a CEF debugger stub enabled by default allowing arbitrary remote command execution. Razer "Cortex" has CEF debugger stub enabled by default allowing arbitrary remote command execution. I was alerted on Twitter that the software distributed by Razer for their gaming equipment migh...
Razer Cortex Debugger Remote Command Execution
Razer "Cortex" has CEF debugger stub enabled by default allowing arbitrary remote command execution. I was alerted on Twitter that the software distributed by Razer for their gaming equipment might be unsafe; I downloaded the ones I could see online to take a look. I have only looked at "Cortex",...
Logitech Keystroke Injection Flaw Went Unaddressed for Months
Computer peripheral giant Logitech has finally issued a patched version of its Logitech Options desktop app, after being taken to task for a months-old security flaw. The bug could have allowed adversaries to launch keystroke injection attacks against Logitech keyboard owners that used the app...
spring-framework: ReDoS Attack with spring-messaging
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...
Code Sniffing
browserify-hmr is vulnerable to code sniffing. The code sniffing is possible because the WebSocket server for HMR (Hot Module Replacement) does not validate the origin of the request, allowing unauthorised users to access HMR messages sent by the WebSocket server via a ws://127.0.0.1:8080/ connection fr...
Missing Origin Validation
Overview: Versions of browserify-hmr prior to 0.4.0 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) are not...
Missing Origin Validation
Overview: Versions of webpack-dev-server before 3.1.10 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) are not...
Apache Tomcat 8.5.0 < 8.5.32 Multiple Vulnerabilities
The version of Apache Tomcat installed on the remote host is 8.5.x prior to 8.5.32. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in WebSocket client because host name verification is missing - A flaw exists in NIO/NIO2 connectors due to a mishandling of close that can...
Apache Tomcat 9.0.0.M1 < 9.0.10 Multiple Vulnerabilities
The version of Apache Tomcat installed on the remote host is 9.0.x prior to 9.0.10. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in WebSocket client because host name verification is missing - A flaw exists in NIO/NIO2 connectors due to a mishandling of close that can...
Royal TSX - Information Disclosure
Royal TSX - Information Disclosure RoyalTS/X Exploit var wsUri = "ws://127.0.0.1:54890/"; var output; function init() { output = document.getElementById("output"); testWebSocket(); } function testWebSocket() { writeToScreen("Let's retrieve some data..."); websocket = new WebSocket(wsUri); websocket.onopen =...
Missing Origin Validation
Overview: Versions of parcel-bundler before 1.10.0 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) are not...
F5 Networks BIG-IP : TMM WebSocket vulnerability (K11718033)
In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed WebSocket requests/responses, which allows remote attackers to cause a denial of service (DoS) or possible remote code execution on the BIG-IP system. CVE-2018-5504 Impact This vulnerability...