5273 matches found
CVE-2018-10609
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges...
CVE-2018-10609
CVE-2018-10609 affects Martem TELEM-GW6/GWM devices; vulnerability lies in improper sanitization of data over WebSocket, enabling cross-site scripting and client-side code execution with target user privileges. Affected firmware: GW6/GWM
Debian DLA-1453-1 : tomcat7 security update
The host name verification in Tomcat when using TLS with the WebSocket client was missing. It is now enabled by default. For Debian 8 'Jessie', this problem has been fixed in version 7.0.56-3+really7.0.90-1. We recommend that you upgrade your tomcat7 packages. NOTE: Tenable Network Security has...
Code injection
It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS...
CVE-2017-2670
It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS...
UBUNTU-CVE-2017-2670
It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS...
DEBIAN-CVE-2017-2670
It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS...
CVE-2017-2670
Concretely affected software: Undertow (undertow-core) prior to version 1.3.28. Root cause: non-clean TCP close leads the WebSocket server to enter an infinite loop on every IO thread, causing a Denial of Service. Impact: availability degradation/high severity DoS; observed in multiple advisories...
The vulnerability of the console-io command shell in Node.js, related to authentication process flaws, allows attackers to execute arbitrary code.
The vulnerability of the console-io command shell for Node.js is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by connecting to the console using websocket...
Inteno IOPSYS - (Authenticated) Local Privilege Escalation Exploit
Exploit for linux platform in category local exploits
#!/usr/bin/python
import json
import sys
import subprocess
import socket
import os
from websocket import create_connection

def ubusAuth(host, username, password):
    ws = create_connection("ws://" + host, header = ["Sec-WebSocket-Protocol: ubus-json"])
    re...
Ubuntu 14.04 LTS / 16.04 LTS : Tomcat vulnerabilities (USN-3723-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3723-1 advisory. It was discovered that Tomcat incorrectly handled decoding certain UTF-8 strings. A remote attacker could possibly use this issue to cause...
USN-3723-1: Tomcat vulnerabilities
It was discovered that Tomcat incorrectly handled decoding certain UTF-8 strings. A remote attacker could possibly use this issue to cause Tomcat to crash, resulting in a denial of service. CVE-2018-1336 It was discovered that the Tomcat WebSocket client incorrectly performed hostname verificatio...
USN-3723-1 tomcat7, tomcat8 vulnerabilities
It was discovered that Tomcat incorrectly handled decoding certain UTF-8 strings. A remote attacker could possibly use this issue to cause Tomcat to crash, resulting in a denial of service. CVE-2018-1336 It was discovered that the Tomcat WebSocket client incorrectly performed hostname verificatio...
Denial of Service in nes
Affected versions of nes are vulnerable to denial of service when given an invalid cookie header, and websocket authentication is set to cookie. Submitting an invalid cookie on the websocket upgrade request will cause the node process to throw and exit. Recommendation Update to version 6.4.1 or...