5373 matches found

RedHat Linux
added 2023/01/25 3:30 p.m. · 8 views

Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers

The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...

CVSS 6.5 · AI score 7.2 · EPSS 0.00601
Exploits 0 · References 6

RedHat Linux
added 2023/01/25 3:18 p.m. · 4 views

Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers

The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...

CVSS 6.5 · AI score 7.2 · EPSS 0.00601
Exploits 0 · References 6

Tenable Nessus
added 2023/01/25 12:0 a.m. · 37 views

SUSE SLES15: ruby2.5-rubygem-websocket-extensions / etc (SUSE-SU-2023:0127-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0127-1 advisory. - CVE-2020-7663: Fixed an excessive resource consumption when parsing crafted message headers sent by an attacker bsc1172445. Tenable has...

CVSS 7.5 · AI score 7.2 · EPSS 0.04404
Exploits 1 · References 4

Veracode
added 2023/01/24 8:59 p.m. · 26 views

Information Disclosure

Firefox is vulnerable to Information Disclosure. A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored, leading to connections to be restricted from inside WebWorkers...

CVSS 6.5 · AI score 0.7 · EPSS 0.00601
Exploits 0 · References 5 · Affected Software 6

OSV
added 2023/01/24 12:23 p.m. · 6 views

SUSE-SU-2023:0127-1 Security update for rubygem-websocket-extensions

This update for rubygem-websocket-extensions fixes the following issues: - CVE-2020-7663: Fixed an excessive resource consumption when parsing crafted message headers sent by an attacker bsc1172445...

CVSS 7.5 · AI score 7.6 · EPSS 0.04404
Exploits 1 · References 3

OSV
added 2023/01/24 7:58 a.m. · 8 views

MGASA-2023-0018 Updated firefox packages fix security vulnerability

A vulnerability was found in NSS. The NSS client auth crashes without a user certificate in the database, leading to a segmentation fault or crash CVE-2022-3479. An out of date library libusrsctp contained vulnerabilities that could potentially be exploited CVE-2022-46871. By confusing the browse...

CVSS 8.8 · AI score 8.1 · EPSS 0.00892
Exploits 0 · References 7

Tenable Nessus
added 2023/01/24 12:0 a.m. · 60 views

Oracle Linux 7 : firefox (ELSA-2023-0296)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-0296 advisory. 102.7.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs....

CVSS 8.8 · AI score 7.9 · EPSS 0.00892
Exploits 0 · References 9

RedHat Linux
added 2023/01/23 10:5 a.m. · 5 views

Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers

The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...

CVSS 6.5 · AI score 7.2 · EPSS 0.00601
Exploits 0 · References 6

RedHat Linux
added 2023/01/23 10:3 a.m. · 6 views

Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers

The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...

CVSS 6.5 · AI score 7.2 · EPSS 0.00601
Exploits 0 · References 6

RedHat Linux
added 2023/01/23 9:26 a.m. · 6 views

Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers

The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...

CVSS 6.5 · AI score 7.2 · EPSS 0.00601
Exploits 0 · References 6

RedHat Linux
added 2023/01/23 9:23 a.m. · 5 views

Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers

The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...

CVSS 6.5 · AI score 7.2 · EPSS 0.00601
Exploits 0 · References 6

RedHat Linux
added 2023/01/23 9:21 a.m. · 3 views

Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers

The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...

CVSS 6.5 · AI score 7.2 · EPSS 0.00601
Exploits 0 · References 6

OSV
added 2023/01/23 6:29 a.m. · 9 views

USN-5816-1 firefox vulnerabilities

Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. An attacker could potentially exploit this to obtain sensitive information. CVE-2023-23597 Tom...

CVSS 8.8 · AI score 7.1 · EPSS 0.00702
Exploits 0 · References 10

Positive Technologies
added 2023/01/23 12:0 a.m. · 4 views

PT-2023-12449 · Unknown · Onlyoffice

Name of the Vulnerable Software and Affected Versions: ONLYOFFICE all versions as of 2021-11-08 Description: The issue is related to Incorrect Access Control, allowing an attacker to authenticate with the web socket service of the ONLYOFFICE document editor. This service is protected by JWT auth,...

CVSS 9.8 · AI score 7.1 · EPSS 0.01707
Exploits 0 · References 8

CNNVD
added 2023/01/23 12:0 a.m. · 4 views

ONLYOFFICE Authorization Issue Vulnerability

Ascensio System ONLYOFFICE is an office software from Ascensio System, Latvia. A security vulnerability exists in all versions of ONLYOFFICE prior to 2021-11-08 that stems from being affected by incorrect access control. An attacker can use the default JWT signature key to authenticate to the Web...

CVSS 9.8 · AI score 8.4 · EPSS 0.01707
Exploits 0 · References 4

CVE
added 2023/01/23 12:0 a.m. · 60 views

CVE-2021-43445

ONLYOFFICE WebSocket authentication can be bypassed due to a default JWT signing key, affecting all versions up to 2021-11-08. The flaw is incorrect access control in the ONLYOFFICE document editor’s WebSocket service, allowing an unauthenticated attacker to gain privileged access by using the de...

CVSS 9.8 · AI score 9.4 · EPSS 0.01707
Exploits 0 · References 3 · Affected Software 1

Tenable Nessus
added 2023/01/23 12:0 a.m. · 44 views

Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5816-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5816-1 advisory. Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new...

CVSS 8.8 · AI score 8.2 · EPSS 0.00702
Exploits 0 · References 10

RedhatCVE
added 2023/01/19 12:6 p.m. · 37 views

CVE-2023-23602

The Mozilla Foundation Security Advisory describes this flaw as: A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers...

CVSS 6.1 · AI score 1.7 · EPSS 0.00601
Exploits 0 · References 5

Tenable Nessus
added 2023/01/19 12:0 a.m. · 41 views

Debian DSA-5322-1 : firefox-esr - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5322 advisory. - An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox DataTransfer.setData...

CVSS 8.8 · AI score 8.2 · EPSS 0.00892
Exploits 0 · References 17

Veracode
added 2023/01/18 12:53 a.m. · 27 views

Denial Of Service (DoS)

mercurius is vulnerable to Denial of Service (DoS) attacks. A malicious user is able to cause an application crash by sending a malformed packet over WebSocket to /graphql, resulting in Denial of Service...

CVSS 7.5 · AI score 7.1 · EPSS 0.01056
Exploits 1 · References 5 · Affected Software 1