5401 matches found
CVE-2023-45820 Directus crashes on invalid WebSocket message
Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash Directus. This issue has...
CVE-2023-45820
Directus is vulnerable to a DoS via invalid WebSocket frames. When websockets are enabled, receiving an invalid frame can crash the Directus server, leading to high availability impact. The issue affects Directus installations with websockets enabled and has been addressed in version 10.6.2; upgr...
Directus Security Vulnerabilities
Directus is a real-time Api and application dashboard. It is used to manage Sql database content. A security vulnerability exists in Directus that stems from the fact that any Websocket-enabled Directus installation may crash if the Websocket server receives invalid frames...
Home Assistant Security Breach
Home Assistant is an open source home automation management system. The system is primarily used to control home automation devices. A security vulnerability exists in Home assistant versions prior to 2023.8.0, which stems from a vulnerability that allows an attacker to create a malicious link...
PT-2023-28152 · Unknown · Home-Assistant-Js-Websocket +1
Name of the Vulnerable Software and Affected Versions: Home Assistant Core versions prior to 2023.8.0 home-assistant-js-websocket versions prior to 8.2.0 Description: The issue concerns an open-source home automation system where the WebSocket authentication logic is vulnerable to exploitation...
Bykea: Exposed trip_no in WebSocket Responses Leading to Excessive information Disclosure
The vulnerability in Bykea's WebSocket implementation was that the tripno identifier was exposed to drivers before a bid was accepted. This identifier could be used to access customer tracking URLs, revealing excessive information of the customers to unauthorized drivers. The issue was resolved b...
Fedora: Security Advisory for rust-tokio-tungstenite (FEDORA-2023-9c4142423a)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for rust-tungstenite (FEDORA-2023-9c4142423a)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 38 Update: rust-tokio-tungstenite-0.20.1-1.fc38
Tokio binding for Tungstenite, the Lightweight stream-based WebSocket implementation...
[SECURITY] Fedora 37 Update: rust-tungstenite-0.20.1-1.fc37
Lightweight stream-based WebSocket implementation...
[SECURITY] Fedora 37 Update: rust-tokio-tungstenite-0.20.1-1.fc37
Tokio binding for Tungstenite, the Lightweight stream-based WebSocket implementation...
Fedora: Security Advisory (FEDORA-2023-91a66898d2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 39 Update: rust-tokio-tungstenite-0.20.1-1.fc39
Tokio binding for Tungstenite, the Lightweight stream-based WebSocket implementation...
[SECURITY] Fedora 39 Update: rust-tungstenite-0.20.1-1.fc39
Lightweight stream-based WebSocket implementation...
Amazon Linux 2 : tomcat (ALASTOMCAT9-2023-008)
The version of tomcat installed on the remote host is prior to 9.0.73-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2023-008 advisory. A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker...
Important: tomcat
Issue Overview: A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could...
Important: tomcat
Issue Overview: A memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection does not release for WebSocket connections once the WebSocket connection is closed. If a sufficient number of such requests are made, an OutOfMemoryError occurs, leading to a denial of service. The...
Important: tomcat
Issue Overview: A memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection does not release for WebSocket connections once the WebSocket connection is closed. If a sufficient number of such requests are made, an OutOfMemoryError occurs, leading to a denial of service. The...
Important: tomcat
Issue Overview: A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could...
CVE-2023-43669
The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service minutes of CPU consumption via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted e.g., thousands of times and the average amount...