Lucene search

5272 matches found

OSV
added 2018/05/11 8:29 p.m., 2 views

DEBIAN-CVE-2018-1257

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

CVSS 6.5, AI score 6.7, EPSS 0.03279
Exploits 0, References 1

Cvelist
added 2018/05/11 8:00 p.m., 40 views

CVE-2018-1257

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

AI score 7.6, EPSS 0.03279
Exploits 0, References 11

CVE
added 2018/05/11 8:00 p.m., 140 views

CVE-2018-1257

CVE-2018-1257 affects Spring Framework: vulnerable in Spring Messaging when using an in-memory STOMP broker exposed via STOMP over WebSocket. A malicious user can craft a message to the broker that triggers a regular-expression denial of service. Affected versions are Spring Framework 5.0.x befor...

CVSS 6.5, AI score 7, EPSS 0.03279
Exploits 0, References 11, Affected Software 1

Debian CVE
added 2018/05/11 8:00 p.m., 27 views

CVE-2018-1257

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message ...

CVSS 6.5, AI score 6.7, EPSS 0.03279
Exploits 0

UbuntuCve
added 2018/05/11 12:00 a.m., 21 views

CVE-2018-5153

If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. This vulnerability affects Firefox 60...

CVSS 7.5, AI score 7.1, EPSS 0.01702
Exploits 0, References 3

OSV
added 2018/05/11 12:00 a.m., 0 views

UBUNTU-CVE-2018-5153

If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. This vulnerability affects Firefox 60...

CVSS 7.5, AI score 7.2, EPSS 0.01702
Exploits 0, References 4

RedhatCVE
added 2018/05/10 6:21 a.m., 21 views

CVE-2018-5153

If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. This vulnerability affects Firefox 60...

CVSS 7.5, AI score 1.8, EPSS 0.01702
Exploits 0, References 2

Kaspersky
added 2018/05/09 12:00 a.m., 129 views

KLA11246 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR

Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, gain privileges, execute arbitrary code, perform XSS attacks and bypass security restrictions. Below is a complete list ...

CVSS 10, AI score 10, EPSS 0.21288
Exploits 6, References 5

Mozilla
added 2018/05/09 12:00 a.m., 557 views

Security vulnerabilities fixed in Firefox 60 — Mozilla

A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially...

CVSS 9.8, AI score 10, EPSS 0.21288
Exploits 3, References 28, Affected Software 1

Hacker One
added 2018/05/07 7:51 a.m., 79 views

Trello: Websocket response message disclose existence of Organization ID or Board ID

I found that the websocket response message can reveal the existence of the ID of an organization or board. It is up and running in another domain. PoC: connect a websocket. var ws = new WebSocket("wss://trello.com/1/Session/socket?token="); ws.onopen = function(event) { console.log(''); }; ws.onmessage = ...

AI score 0.9
Exploits 0

RedHat Linux
added 2018/05/03 5:06 p.m., 2 views

spring-framework: Address partial fix for CVE-2018-1270

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

CVSS 9.8, AI score 8, EPSS 0.77245
Exploits 5, References 4

CNVD
added 2018/05/03 12:00 a.m., 1 view

Cisco Firepower System Information Disclosure Vulnerability

Cisco Firepower System Software is a next-generation firewall (NGFW) product from Cisco. Management Console is one of its management console programs. An information disclosure vulnerability exists in the management console of the Cisco Firepower System Software, which arises from failure to properl...

CVSS 6.5, AI score 6.2, EPSS 0.02228
Exploits 0, References 1

Prion
added 2018/05/02 10:29 p.m., 20 views

Cross site scripting

A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. The vulnerability is due to improper cross-origin domain protections for the WebSocket protocol. An attacker could exploit this...

CVSS 4.3, AI score 6.4, EPSS 0.02228
Exploits 0, References 2, Affected Software 1

NVD
added 2018/05/02 10:29 p.m., 23 views

CVE-2018-0278

A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. The vulnerability is due to improper cross-origin domain protections for the WebSocket protocol. An attacker could exploit this...

CVSS 6.5, AI score 6.5, EPSS 0.02228
Exploits 0, References 2

Cvelist
added 2018/05/02 10:00 p.m., 28 views

CVE-2018-0278

A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. The vulnerability is due to improper cross-origin domain protections for the WebSocket protocol. An attacker could exploit this...

AI score 6.5, EPSS 0.02228
Exploits 0, References 2

Vulnrichment
added 2018/05/02 10:00 p.m., 6 views

CVE-2018-0278

A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. The vulnerability is due to improper cross-origin domain protections for the WebSocket protocol. An attacker could exploit this...

AI score 6.7, EPSS 0.02228
Exploits 0, References 2

CVE
added 2018/05/02 10:00 p.m., 79 views

CVE-2018-0278

Affected product/area: Cisco Firepower System Software management console. Vulnerability summary: An information-disclosure vulnerability due to improper cross-origin protections for WebSocket in the management console could allow an unauthenticated, remote attacker to retrieve policy or configur...

CVSS 6.5, AI score 6.4, EPSS 0.02228
Exploits 0, References 2, Affected Software 1

Cisco
added 2018/05/02 4:00 p.m., 26 views

Cisco Firepower System Software Cross-Origin Domain Protection Vulnerability

A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. The vulnerability is due to improper cross-origin domain protections for the WebSocket protocol. An attacker could exploit this...

CVSS 6.5, AI score 6.3, EPSS 0.02228
Exploits 0, References 1

OSV
added 2018/04/12 3:29 p.m., 1 view

CVE-2017-6910

The HTTP and WebSocket engine components in the server in Kaazing Gateway before 4.5.3 hotfix-1, Gateway - JMS Edition before 4.0.5 hotfix-15, 4.0.6 before hotfix-4, 4.0.7, 4.0.9 before hotfix-19, 4.4.x before 4.4.2 hotfix-1, 4.5.x before 4.5.3 hotfix-1, and Gateway Community and Enterprise...

CVSS 7.5, AI score 5.8, EPSS 0.01966
Exploits 0, References 1

Prion
added 2018/04/12 3:29 p.m., 11 views

Design/Logic Flaw

The HTTP and WebSocket engine components in the server in Kaazing Gateway 4.0.2, 4.0.3, and 4.0.4 and Gateway - JMS Edition 4.0.2, 4.0.3, and 4.0.4 allow remote attackers to obtain sensitive information via vectors related to HTTP request handling...

CVSS 5, AI score 6.8, EPSS 0.01545
Exploits 0, References 2, Affected Software 1