178 matches found

NVD
added 2021/11/26 5:15 p.m. | 10 views

CVE-2020-7881

The vulnerability function is enabled when the streamer service related to the AfreecaTV communicated through web socket using 21201 port. A stack-based buffer overflow leading to remote code execution was discovered in strcpy operate by "FanTicket" field. It is because of stored data without...

CVSS 8.8 | EPSS 0.01504
Exploits: 0 | References: 1

OSV
added 2021/11/26 5:15 p.m. | 2 views

CVE-2020-7881

The vulnerability function is enabled when the streamer service related to the AfreecaTV communicated through web socket using 21201 port. A stack-based buffer overflow leading to remote code execution was discovered in strcpy operate by "FanTicket" field. It is because of stored data without...

CVSS 8.8 | AI score 6.6 | EPSS 0.01504
Exploits: 0 | References: 1

Prion
added 2021/11/26 5:15 p.m. | 20 views

Stack overflow

The vulnerability function is enabled when the streamer service related to the AfreecaTV communicated through web socket using 21201 port. A stack-based buffer overflow leading to remote code execution was discovered in strcpy operate by "FanTicket" field. It is because of stored data without...

CVSS 6.5 | AI score 9 | EPSS 0.01504
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/11/26 4:29 p.m. | 14 views

CVE-2020-7881 AfreecaTV streamer service stack-based buffer overflow

The vulnerability function is enabled when the streamer service related to the AfreecaTV communicated through web socket using 21201 port. A stack-based buffer overflow leading to remote code execution was discovered in strcpy operate by "FanTicket" field. It is because of stored data without...

CVSS 7.5 | AI score 9.2 | EPSS 0.01504
Exploits: 0 | References: 1

Cvelist
added 2021/07/13 8:55 p.m. | 11 views

CVE-2021-32755 Certificate pinning is not enforced on the web socket connection

Wire is a collaboration platform. wire-ios-transport handles authentication of requests, network failures, and retries for the iOS implementation of Wire. In the 3.82 version of the iOS application, a new web socket implementation was introduced for users running iOS 13 or higher. This new...

CVSS 5.4 | AI score 5.7 | EPSS 0.00071
Exploits: 0 | References: 1

ICS
added 2021/04/20 12:0 a.m. | 77 views

ICSA-21-110-02_Rockwell Automation Stratix Switches

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/ Low attack complexity Vendor: Rockwell Automation Equipment: Stratix Switches Vulnerabilities: Insufficiently Protected Credentials, Insufficient Verification of Data Authenticity, Use of Out-of-Range Pointer Offset, Insertion of...

CVSS 8.5 | AI score 7.8 | EPSS 0.00685
Exploits: 0 | References: 2

OSV
added 2021/03/24 8:15 p.m. | 2 views

CVE-2021-1403

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site WebSocket hijacking (CSWSH) attack and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient HTTP protections in...

CVSS 7.4 | AI score 7
Exploits: 0 | References: 1

0day.today
added 2020/08/25 12:0 a.m. | 45 views

Ericom Access Server 9.2.0 Server-Side Request Forgery Exploit

Ericom Access Server allows attackers to initiate SSRF requests making outbound connections to arbitrary hosts and TCP ports. Attackers, who can reach the AccessNow server can target internal systems that are behind firewalls that are typically not accessible. This can also be used to target...

CVSS 5.3 | AI score 5.2 | EPSS 0.00215
Exploits: 4

OSV
added 2020/08/04 4:56 p.m. | 1 views

USN-4448-1 tomcat8 vulnerabilities

It was discovered that Tomcat incorrectly validated the payload length in a WebSocket frame. A remote attacker could possibly use this issue to cause Tomcat to hang, resulting in a denial of service. (CVE-2020-13935) It was discovered that Tomcat incorrectly handled HTTP header parsing. In certain...

CVSS 7.5 | AI score 7.2 | EPSS 0.93464
Exploits: 16 | References: 4

OSV
added 2020/07/31 6:15 p.m. | 0 views

UBUNTU-CVE-2020-15133

In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The Faye::WebSocket::Client class uses the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not...

CVSS 8.7 | AI score 7.3 | EPSS 0.00143
Exploits: 1 | References: 5

Snyk
added 2020/07/31 5:40 p.m. | 1 views

Improper Certificate Validation

Overview: faye-websocket is a standards-compliant WebSocket server and client. Affected versions of this package are vulnerable to Improper Certificate Validation in TLS handshakes. The Faye::WebSocket::Client class uses the EM::Connection#start_tls method in EventMachine to implement the TLS...

CVSS 8.7 | AI score 6.9 | EPSS 0.00143
Exploits: 1 | References: 2

RedHat Linux
added 2020/07/28 3:54 p.m. | 2 views

vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake

In versions 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full HTTP request before doing the handshake, holding the entire request body in memory. There should be a reasonable limit (8192 bytes) above which the WebSocket gets an HTTP response with the...

CVSS 6.5 | AI score 5.8 | EPSS 0.01294
Exploits: 0 | References: 4

CNVD
added 2020/06/22 12:0 a.m. | 2 views

Mattermost Server Access Control Error Vulnerability

Mattermost Server is an open source messaging platform from the US company Mattermost. An Access Control Error vulnerability exists in Mattermost Server versions prior to 5.18.0, which arises from a network system or product that does not properly restrict access to resources from...

CVSS 5.3 | AI score 6.7 | EPSS 0.00241
Exploits: 0 | References: 1

vulnersOsv
added 2020/05/08 6:54 p.m. | 1 views

ai.mrs:masons-java-sdk (>=1.0.0 <=1.2.3), app.keyconnect:keyconnect-chainbase (=1.0.0) +628 more potentially affected by CVE-2020-11050 via org.java-websocket:Java-WebSocket (>=1.3.0 <=1.4.1)

org.java-websocket:Java-WebSocket MAVEN version =1.3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.1, =1.3-RELEASE, =1.2, =8.0.3, =8.0.3, =8.0.3, =8.0.3, =5.0.2, =1.0.3.1-JDK21, =1.0.3.2-JDK21 and more Source cves: CVE-2020-11050 Source advisory: OSV:GHSA-GW55-JM4H-X339...

CVSS 9 | AI score 7.2 | EPSS 0.00191
Exploits: 0

OSV
added 2020/03/20 3:15 a.m. | 0 views

CVE-2020-9345

An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the application doesn't limit the number of opened WebSocket sockets. If a victim visits an attacker-controlled website, this...

CVSS 6.5 | AI score 6.6
Exploits: 0 | References: 1

Veracode
added 2020/02/28 5:13 a.m. | 24 views

Information Disclosure

nova is vulnerable to information disclosure. The vulnerability exists as the novncproxy tokens are logged in plaintext when it is sent through the web socket proxy...

CVSS 3.3 | AI score 1.4 | EPSS 0.00083
Exploits: 0 | References: 6 | Affected Software: 1

CNVD
added 2020/02/04 12:0 a.m. | 1 views

Evoko Home Information Disclosure Vulnerability

Evoko Home is a smart home device. A security vulnerability exists in Evoko Home version 1.31. The vulnerability can be exploited by a remote attacker to obtain sensitive information via a WebSocket request...

CVSS 7.5 | AI score 6.6 | EPSS 0.00506
Exploits: 1 | References: 1

RedHat Linux
added 2019/11/14 9:17 p.m. | 0 views

tomcat: Host name verification missing in WebSocket client

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88...

CVSS 7.5 | AI score 7.2 | EPSS 0.13337
Exploits: 0 | References: 4

CNVD
added 2019/04/02 12:0 a.m. | 1 views

VMware Fusion Virtual Machine Side Remote Code Execution Vulnerability

VMware Fusion is a virtual machine software for the Mac operating system from VMware. A remote code execution vulnerability exists on the virtual machine side of VMware Fusion, which can be exploited by an attacker to execute arbitrary code on all virtual machines with VMware Tools installed via...

CVSS 8.8 | AI score 8.6 | EPSS 0.00998
Exploits: 0 | References: 1

NVD
added 2019/04/01 9:30 p.m. | 14 views

CVE-2019-5514

VMware VMware Fusion 11.x before 11.0.3 contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware...

CVSS 8.8 | AI score 8.8 | EPSS 0.00998
Exploits: 0 | References: 3