
5401 matches found

Vulnrichment
added 2023/10/19 6:38 p.m. · 20 views

CVE-2023-45820 Directus crashes on invalid WebSocket message

Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash Directus. This issue has...

CVSS 5.9 · AI score 6.6 · EPSS 0.00689
Exploits: 1 · References: 2

CVE
added 2023/10/19 6:38 p.m. · 56 views

CVE-2023-45820

Directus is vulnerable to a DoS via invalid WebSocket frames. When websockets are enabled, receiving an invalid frame can crash the Directus server, leading to high availability impact. The issue affects Directus installations with websockets enabled and has been addressed in version 10.6.2; upgr...

CVSS 6.5 · AI score 6.2 · EPSS 0.00689
Exploits: 1 · References: 2 · Affected Software: 1

CNNVD
added 2023/10/19 12:0 a.m. · 2 views

Directus Security Vulnerabilities

Directus is a real-time API and application dashboard. It is used to manage SQL database content. A security vulnerability exists in Directus that stems from the fact that any WebSocket-enabled Directus installation may crash if the WebSocket server receives invalid frames...

CVSS 6.5 · AI score 6.8 · EPSS 0.00689
Exploits: 1 · References: 3

CNNVD
added 2023/10/19 12:0 a.m. · 5 views

Home Assistant Security Breach

Home Assistant is an open source home automation management system. The system is primarily used to control home automation devices. A security vulnerability exists in Home Assistant versions prior to 2023.8.0, which stems from a vulnerability that allows an attacker to create a malicious link...

CVSS 9.6 · AI score 6.7 · EPSS 0.0095
Exploits: 0 · References: 5

Positive Technologies
added 2023/10/19 12:0 a.m. · 4 views

PT-2023-28152 · Unknown · Home-Assistant-Js-Websocket +1

Name of the Vulnerable Software and Affected Versions: Home Assistant Core versions prior to 2023.8.0; home-assistant-js-websocket versions prior to 8.2.0. Description: The issue concerns an open-source home automation system where the WebSocket authentication logic is vulnerable to exploitation...

CVSS 9 · AI score 8.8 · EPSS 0.00271
Exploits: 0 · References: 9

Hacker One
added 2023/10/15 12:44 p.m. · 3 views

Bykea: Exposed trip_no in WebSocket Responses Leading to Excessive information Disclosure

The vulnerability in Bykea's WebSocket implementation was that the tripno identifier was exposed to drivers before a bid was accepted. This identifier could be used to access customer tracking URLs, revealing excessive information of the customers to unauthorized drivers. The issue was resolved b...

AI score 6.6
Exploits: 0

OpenVAS
added 2023/10/04 12:0 a.m. · 13 views

Fedora: Security Advisory for rust-tokio-tungstenite (FEDORA-2023-9c4142423a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.6 · EPSS 0.0162
Exploits: 1 · References: 2

OpenVAS
added 2023/10/04 12:0 a.m. · 16 views

Fedora: Security Advisory for rust-tungstenite (FEDORA-2023-9c4142423a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.6 · EPSS 0.0162
Exploits: 1 · References: 2

Fedora
added 2023/10/03 2:23 a.m. · 33 views

[SECURITY] Fedora 38 Update: rust-tokio-tungstenite-0.20.1-1.fc38

Tokio binding for Tungstenite, the Lightweight stream-based WebSocket implementation...

CVSS 7.5 · AI score 7.1 · EPSS 0.0162
Exploits: 1

Fedora
added 2023/10/03 12:44 a.m. · 16 views

[SECURITY] Fedora 37 Update: rust-tungstenite-0.20.1-1.fc37

Lightweight stream-based WebSocket implementation...

CVSS 7.5 · AI score 7.1 · EPSS 0.0162
Exploits: 1

Fedora
added 2023/10/03 12:44 a.m. · 24 views

[SECURITY] Fedora 37 Update: rust-tokio-tungstenite-0.20.1-1.fc37

Tokio binding for Tungstenite, the Lightweight stream-based WebSocket implementation...

CVSS 7.5 · AI score 7.1 · EPSS 0.0162
Exploits: 1

OpenVAS
added 2023/10/01 12:0 a.m. · 19 views

Fedora: Security Advisory (FEDORA-2023-91a66898d2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.7 · EPSS 0.0162
Exploits: 1 · References: 2

Fedora
added 2023/09/29 12:21 a.m. · 31 views

[SECURITY] Fedora 39 Update: rust-tokio-tungstenite-0.20.1-1.fc39

Tokio binding for Tungstenite, the Lightweight stream-based WebSocket implementation...

CVSS 7.5 · AI score 7.1 · EPSS 0.0162
Exploits: 1

Fedora
added 2023/09/29 12:21 a.m. · 40 views

[SECURITY] Fedora 39 Update: rust-tungstenite-0.20.1-1.fc39

Lightweight stream-based WebSocket implementation...

CVSS 7.5 · AI score 7.1 · EPSS 0.0162
Exploits: 1

Tenable Nessus
added 2023/09/27 12:0 a.m. · 51 views

Amazon Linux 2 : tomcat (ALASTOMCAT9-2023-008)

The version of tomcat installed on the remote host is prior to 9.0.73-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2023-008 advisory. A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker...

CVSS 7.5 · AI score 7 · EPSS 0.87553
Exploits: 2 · References: 14

Amazon
added 2023/09/25 12:0 a.m. · 7 views

Important: tomcat

Issue Overview: A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could...

CVSS 7.5 · AI score 6.9 · EPSS 0.87553
Exploits: 2

Amazon
added 2023/09/25 12:0 a.m. · 4 views

Important: tomcat

Issue Overview: A memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection does not release for WebSocket connections once the WebSocket connection is closed. If a sufficient number of such requests are made, an OutOfMemoryError occurs, leading to a denial of service. The...

CVSS 7.5 · AI score 6.8 · EPSS 0.10997
Exploits: 0

Amazon
added 2023/09/25 12:0 a.m. · 3 views

Important: tomcat

Issue Overview: A memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection does not release for WebSocket connections once the WebSocket connection is closed. If a sufficient number of such requests are made, an OutOfMemoryError occurs, leading to a denial of service. The...

CVSS 7.5 · AI score 6.8 · EPSS 0.10997
Exploits: 0

Amazon
added 2023/09/25 12:0 a.m. · 8 views

Important: tomcat

Issue Overview: A privilege escalation flaw was found in Tomcat when the JMX Remote Lifecycle Listener was enabled. A local attacker without access to the Tomcat process or configuration files could be able to manipulate the RMI registry to perform a man-in-the-middle attack. The attacker could...

CVSS 7.5 · AI score 6.9 · EPSS 0.87553
Exploits: 2

ATTACKERKB
added 2023/09/21 6:15 a.m. · 5 views

CVE-2023-43669

The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount...

CVSS 7.5 · AI score 5.8 · EPSS 0.0162
Exploits: 1 · References: 16