5401 matches found
Fedora: Security Advisory for rubygem-actioncable (FEDORA-2023-4f0bb4ff5e)
The remote host is missing an update for the...
[SECURITY] Fedora 39 Update: rubygem-actioncable-7.0.7.2-1.fc39
Structure many real-time application concerns into channels over a single WebSocket connection...
CVE-2023-2848
Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation...
Cross site scripting
Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation...
UBUNTU-CVE-2023-2848
Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation...
CVE-2023-2848
Movim prior to version 0.22 is affected by a Cross‑Site WebSocket Hijacking vulnerability due to missing header validation. This is documented across multiple sources (NVD entry confirms the issue and impact; connected references point to Movim commits related to the vulnerability). Affected comp...
CVE-2023-2848
Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation...
Movim Access Control Error Vulnerability
Movim is a syndicated blogging and chat platform that acts as a web front end for the XMPP protocol. A security vulnerability exists in Movim versions prior to 0.22Z, which stems from a lack of header validation, leading to a cross-site WebSocket hijacking issue...
PT-2023-21749 · Movim · Movim
Name of the Vulnerable Software and Affected Versions: Movim versions prior to 0.22 Description: The issue is related to a Cross-Site WebSocket Hijacking vulnerability due to missing header validation. Recommendations: For versions prior to 0.22, update to version 0.22 or later to resolve the...
SSLVPN error "Websocket connection failed: Connection closed before receiving a handshake responser"
After the VPN tunnel is established to the NetScaler Gateway, users encounter access issues to the backend server with the error message: "Websocket connection to 'ws:///ws/notification/site-msg/' failed: Connection closed before receiving a handshake responser"...
Oracle Linux 7 : tomcat (ELSA-2020-4004)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4004 advisory. - Resolves: CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS - Resolves: CVE-2020-9484 tomca...
Oracle Linux 7 : tomcat (ELSA-2019-2205)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2205 advisory. - Resolves: rhbz1641873 CVE-2018-11784 tomcat: Open redirect in default servlet - Resolves: rhbz1552375 CVE-2018-1304 tomcat: Incorrect handling of emp...
Fedora: Security Advisory for libwebsockets (FEDORA-2023-6a87c003c4)
The remote host is missing an update for the...
[SECURITY] Fedora 38 Update: libwebsockets-4.3.2-5.fc38
This is the libwebsockets C library for lightweight websocket clients and servers...
HTML5 external users are not able to launch applications via Netscaler Gateway, Workspace works.
Users connecting externally are not able to launch connections with the Light HTML5 browser access but are able to launch with the Workspace App. Error displayed: "Citrix Workspace app cannot connect to the server. Please check your network connection or contact your help desk for assistance."...
A vulnerability in the WebSocket component of the Qt cross-platform software development framework that allows an attacker to trigger a service failure.
The vulnerability in the WebSocket component of the Qt cross-platform software development framework is related to the allocation of resources without limits. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
Insufficient Session Expiration
github.com/argoproj/argo-cd is vulnerable to Insufficient Session Expiration. The vulnerability exists because web terminal sessions in the library do not expire, which allows an attacker to send WebSocket messages even if the token has already expired, leading to sensitive information...
CVE-2023-40025 Argo CD web terminal session doesn't expire
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most...
CVE-2023-40025 Argo CD web terminal session doesn't expire
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most...
CVE-2023-40025 Argo CD web terminal session doesn't expire
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most...