6 matches found
CVE-2025-27851
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including administrative settings. This allows a network attacker to take full control of a WDU. To initiate ...
Cisco IOS XE 数据伪造问题漏洞
Cisco IOS XE Software is an operating system from Cisco, Inc. A single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. Cisco IOS XE Software suffers from a Data Forgery Issue vulnerability that stems from...
Exploit for Cross-Site Request Forgery (CSRF) in Eclipse Che
CSWSH-THEIA-CVE-2020-14368 - Report target: Eclipse CHE deplo...
Important: Red Hat Security Advisory: openstack-nova security, bug fix, and enhancement update
Updated OpenStack Compute nova packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security...
openstack-nova: console Cross-Site WebSocket hijacking
It was discovered that the OpenStack Compute nova console websocket did not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw...
openstack-nova: console Cross-Site WebSocket hijacking
It was discovered that the OpenStack Compute nova console websocket did not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw...