
5272 matches found

Cvelist
added 2018/06/22 6:0 p.m., 21 views

CVE-2018-12678

Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks...

9.6 AI score, 0.02308 EPSS
Exploits: 0, References: 2

IBM Security Bulletins
added 2018/06/18 1:28 a.m., 29 views

Security Bulletin: PowerKVM is affected by a Qemu vulnerability (CVE-2015-1779)

Summary: PowerKVM is vulnerable to Qemu vulnerability CVE-2015-1779. Vulnerability Details: CVEID: CVE-2015-1779. DESCRIPTION: QEMU is vulnerable to a denial of service, caused by an error when processing incoming frames by the websocket frame decoder. A remote attacker from within the local network...

8.6 CVSS, 0.07393 EPSS
Exploits: 0, Affected Software: 1

CNVD
added 2018/06/15 12:0 a.m., 2 views

Nes has an unspecified vulnerability

Nes is a WebSocket adapter plugin for hapi routing. A security vulnerability exists in Nes 6.4.0 and earlier versions. When websocket authentication is set to 'cookie', an attacker can exploit the vulnerability by submitting an invalid cookie to shut down the node process...

5.9 CVSS, 5.8 AI score, 0.01901 EPSS
Exploits: 0, References: 1

OSV
added 2018/06/11 9:29 p.m., 0 views

CVE-2018-5153

If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. This vulnerability affects Firefox 60...

7.5 CVSS, 7.3 AI score
Exploits: 0, References: 5

NVD
added 2018/06/11 9:29 p.m., 11 views

CVE-2018-5153

If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. This vulnerability affects Firefox 60...

7.5 CVSS, 5.5 AI score, 0.01702 EPSS
Exploits: 0, References: 5

Prion
added 2018/06/11 9:29 p.m., 18 views

Out-of-bounds

If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. This vulnerability affects Firefox 60...

5 CVSS, 7.6 AI score, 0.01702 EPSS
Exploits: 0, References: 5, Affected Software: 2

Cvelist
added 2018/06/11 9:0 p.m., 14 views

CVE-2018-5153

If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. This vulnerability affects Firefox 60...

6.3 AI score, 0.01702 EPSS
Exploits: 0, References: 5

CVE
added 2018/06/11 9:0 p.m., 136 views

CVE-2018-5153

CVE-2018-5153 affects Mozilla Firefox before 60.0. When websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted, causing an out-of-bounds read and the read memory being sent back to the origin server. The issue is fixed in Firefox 60.0; upgrade to 6...

7.5 CVSS, 6.1 AI score, 0.01702 EPSS
Exploits: 0, References: 5, Affected Software: 1

RedhatCVE
added 2018/06/07 7:49 p.m., 29 views

CVE-2018-11713

WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by...

6.5 CVSS, 3.4 AI score, 0.01586 EPSS
Exploits: 0, References: 2

OSV
added 2018/06/07 2:29 a.m., 2 views

CVE-2017-16107

pooledwebsocket is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

7.5 CVSS, 5.8 AI score, 0.02005 EPSS
Exploits: 3, References: 2

CNVD
added 2018/06/07 12:0 a.m., 3 views

ws module remote memory leak vulnerability

The ws module is a Node.js WebSocket server implementation. A security vulnerability exists in the ping function in versions of the ws module prior to 1.0.0. An attacker can exploit this vulnerability to cause ws to send the contents of a buffer that has been allocated for use to the server,...

7.5 CVSS, 7.5 AI score, 0.02015 EPSS
Exploits: 0, References: 1

CNVD
added 2018/06/07 12:0 a.m., 1 view

WebSocket Live Chat Cross-Site Scripting Vulnerability

WebSocket Live Chat is an instant messaging script that allows you to create groups and send individual messages. It is suitable for social messaging and live support systems. A cross-site scripting vulnerability exists in WebSocket Live Chat. An attacker could execute arbitrary code in a user's...

6.9 AI score
Exploits: 0, References: 1

Securelist
added 2018/06/06 10:0 a.m., 42 views

A MitM extension for Chrome

Browser extensions make our lives easier: they hide obtrusive advertising, translate text, help us choose in online stores, etc. There are also less desirable extensions, including those that bombard us with advertising or collect information about our activities. These pale into insignificance,...

6.9 AI score
Exploits: 0

CNVD
added 2018/06/05 12:0 a.m., 1 view

Mozilla Firefox Information Disclosure Vulnerability (CNVD-2018-11788)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 60. The vulnerability can be exploited by remote attackers to obtain sensitive information binary data corruption and...

7.5 CVSS, 8.8 AI score, 0.01702 EPSS
Exploits: 0, References: 1

OSV
added 2018/06/04 7:29 p.m., 15 views

CVE-2017-16025

Nes is a websocket extension library for hapi. Hapi is a webserver framework. Versions below and including 6.4.0 have a denial of service vulnerability via an invalid Cookie header. This is only present when websocket authentication is set to cookie. Submitting an invalid cookie on the websocket...

5.9 CVSS, 6.1 AI score
Exploits: 0, References: 3

NVD
added 2018/06/04 7:29 p.m., 18 views

CVE-2017-16025

Nes is a websocket extension library for hapi. Hapi is a webserver framework. Versions below and including 6.4.0 have a denial of service vulnerability via an invalid Cookie header. This is only present when websocket authentication is set to cookie. Submitting an invalid cookie on the websocket...

5.9 CVSS, 5.8 AI score, 0.01901 EPSS
Exploits: 0, References: 3

Prion
added 2018/06/04 7:29 p.m., 14 views

Design/Logic Flaw

Nes is a websocket extension library for hapi. Hapi is a webserver framework. Versions below and including 6.4.0 have a denial of service vulnerability via an invalid Cookie header. This is only present when websocket authentication is set to cookie. Submitting an invalid cookie on the websocket...

4.3 CVSS, 5.8 AI score, 0.01901 EPSS
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2018/06/04 7:0 p.m., 22 views

CVE-2017-16025

Nes is a websocket extension library for hapi. Hapi is a webserver framework. Versions below and including 6.4.0 have a denial of service vulnerability via an invalid Cookie header. This is only present when websocket authentication is set to cookie. Submitting an invalid cookie on the websocket...

5.8 AI score, 0.01901 EPSS
Exploits: 0, References: 3

CVE
added 2018/06/04 7:0 p.m., 55 views

CVE-2017-16025

Summary: The vulnerability affects the Nes WebSocket extension for hapi. Versions up to and including 6.4.0 are susceptible to a denial-of-service when websocket authentication uses a cookie and an invalid cookie is submitted during the upgrade request, causing the node process to error/terminat...

5.9 CVSS, 5.7 AI score, 0.01901 EPSS
Exploits: 0, References: 3, Affected Software: 1

Prion
added 2018/06/04 2:29 p.m., 12 views

Code injection

WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections...

5 CVSS, 7.6 AI score, 0.01178 EPSS
Exploits: 0, References: 3, Affected Software: 1