5383 matches found
PT-2023-15099 · Vocera · Vocera Voice Server +2
Name of the Vulnerable Software and Affected Versions: Vocera Report Server and Voice Server versions 5.x through 5.8 Description: An issue was discovered that allows for Path Traversal via the filename provided for the "restore SQL data" functionality. The Vocera Report Console contains a...
CVE-2022-46898
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file...
CVE-2022-46902
CVE-2022-46902 relates to Vocera Report Server/Voice Server 5.x–5.8. The issue is a path traversal vulnerability in an unzip operation used during a ZIP-based database restore via the Vocera Report Console’s websocket function. During extraction, the code uses file paths from the ZIP without suff...
PT-2023-15103 · Vocera · Vocera Voice Server +2
Name of the Vulnerable Software and Affected Versions: Vocera Report Server and Voice Server versions 5.x through 5.8 Description: An issue was discovered that allows for a Path Traversal during an Unzip operation. The Vocera Report Console contains a websocket function that allows for the...
CVE-2022-46901
CVE-2022-46901 affects Vocera Report Server and Voice Server 5.x through 5.8. The issue is an Access Control Violation for database operations via the Vocera Report Console’s websocket interface, which permits unauthenticated execution of tasks and database functions, including system tasks and a...
Vocera Report Server Path Traversal Vulnerability
Vocera Report Server is a reporting application from Vocera USA. It is used to collect data from data logs created by Vocera system software and to build reports. A security vulnerability exists in Vocera Report Server and Voice Server versions 5.x - 5.8, which stems from the fact that the Vocera...
CVE-2023-3581
Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs...
Code injection
Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs...
CVE-2023-3581 WebSockets accept connections from HTTPS origin
Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs...
CVE-2023-3581
CVE-2023-3581 affects Mattermost. The issue is that the product fails to properly validate the origin of a websocket connection, which can allow a Man-In-The-Middle (MITM) attacker to access the websocket APIs. Concrete details across connected sources consistently describe this as an origin-vali...
Mattermost Access Control Error Vulnerability
Mattermost is an open source collaboration platform from US-based Mattermost. Mattermost suffers from a security vulnerability that stems from an inability to properly authenticate the origin of a Websocket connection, allowing an attacker to access the Websocket API...
PT-2023-25327 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue is related to Mattermost failing to properly validate the origin of a websocket connection. This allows a Man-In-The-Middle (MITM) attacker on Mattermost to access the websocket...
Mattermost Trust Management Issue Vulnerability
Mattermost is an open source collaboration platform from US-based Mattermost. A security vulnerability exists in Mattermost iOS that stems from a failure to properly validate server certificates when initializing a TLS connection, allowing an attacker to intercept WebSockets connections...
Protect
An insufficient session expiration (CWE-613) vulnerability in FortiOS REST API may allow an attacker to keep a secure websocket session active after user deletion...
Fortinet Fortigate Existing websocket connection persists after deleting API admin (FG-IR-23-028)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-028 advisory. - An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute...
ADC LB VIP sending Reset with code 9872
1. Application was being accessed through the LB vServer and it was not loading 2. nstrace taken on the ADC showed RST flag:0x014 sent by VIP to the client in response to almost every GET request sent by the client. 3. ADC was sending RST with window size 9872 which means Websocket upgrade request...
Ubuntu 16.04 ESM / 18.04 ESM : Gorilla WebSocket vulnerability (USN-6208-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6208-1 advisory. It was discovered that Gorilla WebSocket incorrectly handled decoding WebSocket frames. An attacker could possibly use this issue to cause a crash,...
Ubuntu: Security Advisory (USN-6208-1)
The remote host is missing an update for the...