Lucene search
K

5383 matches found

Positive Technologies
Positive Technologies
added 2023/07/25 12:0 a.m.1 views

PT-2023-15099 · Vocera · Vocera Voice Server +2

Name of the Vulnerable Software and Affected Versions: Vocera Report Server and Voice Server versions 5.x through 5.8 Description: An issue was discovered that allows for Path Traversal via the filename provided for the "restore SQL data" functionality. The Vocera Report Console contains a...

9.8CVSS7AI score0.00683EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2023/07/25 12:0 a.m.17 views

CVE-2022-46898

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file...

7.3AI score0.00683EPSS
Exploits0References2
CVE
CVE
added 2023/07/25 12:0 a.m.2502 views

CVE-2022-46902

CVE-2022-46902 relates to Vocera Report Server/Voice Server 5.x–5.8. The issue is a path traversal vulnerability in an unzip operation used during a ZIP-based database restore via the Vocera Report Console’s websocket function. During extraction, the code uses file paths from the ZIP without suff...

7.5CVSS7.7AI score0.00532EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2023/07/25 12:0 a.m.5 views

PT-2023-15103 · Vocera · Vocera Voice Server +2

Name of the Vulnerable Software and Affected Versions: Vocera Report Server and Voice Server versions 5.x through 5.8 Description: An issue was discovered that allows for a Path Traversal during an Unzip operation. The Vocera Report Console contains a websocket function that allows for the...

9.8CVSS7.2AI score0.00683EPSS
Exploits0References6
CVE
CVE
added 2023/07/25 12:0 a.m.2501 views

CVE-2022-46901

CVE-2022-46901 affects Vocera Report Server and Voice Server 5.x through 5.8. The issue is an Access Control Violation for database operations via the Vocera Report Console’s websocket interface, which permits unauthenticated execution of tasks and database functions, including system tasks and a...

7.5CVSS7.6AI score0.00514EPSS
Exploits0References2Affected Software2
CNNVD
CNNVD
added 2023/07/25 12:0 a.m.8 views

Vocera Report Server 路径遍历漏洞

Vocera Report Server is a reporting application from Vocera USA. It is used to collect data from data logs created by Vocera system software and to build reports. A security vulnerability exists in Vocera Report Server and Voice Server versions 5.x - 5.8, which stems from the fact that the Vocera...

9.8CVSS7.2AI score0.00683EPSS
Exploits0References3
NVD
NVD
added 2023/07/17 4:15 p.m.14 views

CVE-2023-3581

Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs...

8.1CVSS0.00219EPSS
Exploits0References1
OSV
OSV
added 2023/07/17 4:15 p.m.9 views

CVE-2023-3581

Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs...

8.1CVSS7AI score
Exploits0References1
Prion
Prion
added 2023/07/17 4:15 p.m.19 views

Code injection

Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs...

5.1CVSS7.9AI score0.00219EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/07/17 3:20 p.m.23 views

CVE-2023-3581 WebSockets accept connections from HTTPS origin

Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs...

6.2CVSS8.2AI score0.00219EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/07/17 3:20 p.m.19 views

CVE-2023-3581 WebSockets accept connections from HTTPS origin

Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs...

6.2CVSS6.8AI score0.00219EPSS
Exploits0References1
CVE
CVE
added 2023/07/17 3:20 p.m.2488 views

CVE-2023-3581

CVE-2023-3581 affects Mattermost. The issue is that the product fails to properly validate the origin of a websocket connection, which can allow a Man-In-The-Middle (MITM) attacker to access the websocket APIs. Concrete details across connected sources consistently describe this as an origin-vali...

8.1CVSS7AI score0.00219EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/07/17 12:0 a.m.5 views

Mattermost 访问控制错误漏洞

Mattermost is an open source collaboration platform from US-based Mattermost. Mattermost suffers from a security vulnerability that stems from an inability to properly authenticate the origin of a Websocket connection, allowing an attacker to access the Websocket API...

8.1CVSS7.7AI score0.00219EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/07/17 12:0 a.m.4 views

PT-2023-25327 · Unknown · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue is related to Mattermost failing to properly validate the origin of a websocket connection. This allows a Man-In-The-Middle MITM attacker on Mattermost to access the websocket...

8.1CVSS7.7AI score0.00219EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/07/17 12:0 a.m.5 views

Mattermost 信任管理问题漏洞

Mattermost is an open source collaboration platform from US-based Mattermost. A security vulnerability exists in Mattermost iOS that stems from a failure to properly validate server certificates when initializing a TLS connection, allowing an attacker to intercept WebSockets connections...

8.1CVSS7.7AI score0.00289EPSS
Exploits0References2
Fortinet
Fortinet
added 2023/07/11 12:0 a.m.51 views

Protect

An insufficient session expiration CWE-613 vulnerability in FortiOS REST API may allow an attacker to keep a secure websocket session active after user deletion...

7.5CVSS8.8AI score0.0043EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/07/11 12:0 a.m.168 views

Fortinet Fortigate Existing websocket connection persists after deleting API admin (FG-IR-23-028)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-028 advisory. - An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute...

9.8CVSS8.6AI score0.0043EPSS
Exploits0References2
Citrix
Citrix
added 2023/07/10 12:0 a.m.5 views

ADC LB VIP sending Reset with code 9872

1. Application was being accessed through the LB vServer and it was not loading 2.nstrace taken on the ADC showedRST flag:0x014 sent by VIP to the client in response to almost every GET request sent by the client. 3. ADC was sending RST with window size 9872 which means Websocket upgrade request...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/07/10 12:0 a.m.28 views

Ubuntu 16.04 ESM / 18.04 ESM : Gorilla WebSocket vulnerability (USN-6208-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6208-1 advisory. It was discovered that Gorilla WebSocket incorrectly handled decoding WebSocket frames. An attacker could possibly use this issue to cause a crash,...

7.5CVSS6.7AI score0.02342EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2023/07/07 12:0 a.m.21 views

Ubuntu: Security Advisory (USN-6208-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.1AI score0.02342EPSS
Exploits0References2
Rows per page
Query Builder