
5372 matches found

CNNVD
added 2022/05/11 12:0 a.m. | 3 views

Spring Framework Input Validation Error Vulnerability

Spring Framework is an open source Java and Java EE application framework from the U.S. Spring team. The framework helps developers build high-quality applications. Spring Framework versions prior to 5.3.20, 5.2.22 contain a denial-of-service vulnerability. An attacker can exploit this...

6.5 CVSS | 7.5 AI score | 0.02931 EPSS
Exploits: 0 | References: 11
Tenable Nessus
added 2022/05/09 12:0 a.m. | 45 views

NewStart CGSL MAIN 6.02 : webkit2gtk3 Multiple Vulnerabilities (NS-SA-2022-0048)

The remote NewStart CGSL host, running version MAIN 6.02, has webkit2gtk3 packages installed that are affected by multiple vulnerabilities: - A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free...

8.8 CVSS | 7.8 AI score | 0.04446 EPSS
Exploits: 2 | References: 21
NVD
added 2022/04/28 8:15 p.m. | 9 views

CVE-2022-29555

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2 allows Cross-Origin Websocket Hijacking...

8.8 CVSS | 0.00449 EPSS
Exploits: 0 | References: 2
Prion
added 2022/04/28 8:15 p.m. | 16 views

Cross site scripting

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2 allows Cross-Origin Websocket Hijacking...

6.8 CVSS | 8.6 AI score | 0.00958 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2022/04/28 7:44 p.m. | 16 views

CVE-2022-29555

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2 allows Cross-Origin Websocket Hijacking...

8.9 AI score | 0.00449 EPSS
Exploits: 0 | References: 2
CNNVD
added 2022/04/28 12:0 a.m. | 6 views

Northern.tech Mender Enterprise Cross-Site Request Forgery Vulnerability

Northern.tech Mender Enterprise is a wireless update manager for IoT devices from Northern.tech. A security vulnerability exists in Northern.tech Mender Enterprise prior to version 3.2.2, which stems from a cross-domain websocket hijacking allowed via the Deviceconnect microservice from 1.3.0...

8.8 CVSS | 8.2 AI score | 0.00449 EPSS
Exploits: 0 | References: 3
RedHat Linux
added 2022/04/12 7:6 p.m. | 1 view

tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS

A memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection does not release for WebSocket connections once the WebSocket connection is closed. If a sufficient number of such requests are made, an OutOfMemoryError occurs, leading to a denial of service. The highest threat from...

7.5 CVSS | 6.7 AI score | 0.10997 EPSS
Exploits: 0 | References: 9
CNNVD
added 2022/04/12 12:0 a.m. | 5 views

Aethon TUG Home Base Server Security Vulnerability

Aethon TUG Home Base Server is a robotics server from Aethon, Inc. It is used to control and communicate with autonomous mobile robots. Aethon TUG Home Base Server has a security vulnerability that originates from an unauthenticated attacker being able to connect to the TUG Home Base Server...

8.2 CVSS | 8 AI score | 0.00657 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2022/03/23 8:22 a.m. | 0 views

undertow: buffer leak on incoming websocket PONG message may lead to DoS

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability...

7.5 CVSS | 7.2 AI score | 0.01375 EPSS
Exploits: 1 | References: 4
Tenable Nessus
added 2022/03/20 12:0 a.m. | 38 views

openSUSE 15 Security Update : weechat (openSUSE-SU-2022:0083-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0083-1 advisory. - WeeChat before 3.2.1 allows remote attackers to cause a denial of service crash via a crafted WebSocket frame that triggers an out-of-bounds read i...

7.5 CVSS | 7.2 AI score | 0.01594 EPSS
Exploits: 0 | References: 4
OSV
added 2022/03/18 12:15 p.m. | 5 views

CVE-2022-24595

Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. To exploit the vulnerability, an attacker should send a well-crafted HTTP or WebSocket request to the socket listened by the afb-daemon process. No...

9.8 CVSS | 5.8 AI score | 0.01953 EPSS
Exploits: 1 | References: 1
NVD
added 2022/03/18 12:15 p.m. | 11 views

CVE-2022-24595

Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. To exploit the vulnerability, an attacker should send a well-crafted HTTP or WebSocket request to the socket listened by the afb-daemon process. No...

9.8 CVSS | 0.01953 EPSS
Exploits: 1 | References: 1
Prion
added 2022/03/18 12:15 p.m. | 13 views

Design/Logic Flaw

Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. To exploit the vulnerability, an attacker should send a well-crafted HTTP or WebSocket request to the socket listened by the afb-daemon process. No...

7.5 CVSS | 9.3 AI score | 0.01953 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2022/03/18 11:16 a.m. | 15 views

CVE-2022-24595

Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. To exploit the vulnerability, an attacker should send a well-crafted HTTP or WebSocket request to the socket listened by the afb-daemon process. No...

9.6 AI score | 0.01953 EPSS
Exploits: 1 | References: 1
OSV
added 2022/03/15 7:38 p.m. | 31 views

GO-2021-0321

An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification...

5.9 CVSS | 2.5 AI score | 0.00619 EPSS
Exploits: 0 | References: 3
Veracode
added 2022/03/14 9:57 a.m. | 27 views

Information Disclosure

FreeTAKServer-UI is vulnerable to information disclosure. The vulnerability exists because it exposes sensitive API and Websocket keys through the leakage of the RestAPI and Websocket tokens in WebUI...

7.5 CVSS | 0.7 AI score | 0.01073 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
CNVD
added 2022/03/14 12:0 a.m. | 21 views

FreeTAKServer-UI Information Disclosure Vulnerability

FreeTAKServer-UI is an open source FTS web interface from the FreeTAKTeam. FreeTAKServer-UI has an information disclosure vulnerability that stems from the fact that the WebUI leaks the RestAPI and Websocket tokens in the JavaScript source code, which can be exploited by an attacker to cause a...

7.5 CVSS | 1.5 AI score | 0.01073 EPSS
Exploits: 1 | References: 1
Github Security Blog
added 2022/03/12 12:0 a.m. | 49 views

Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI

FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys...

7.5 CVSS | 2.3 AI score | 0.01073 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
GitLab Advisory Database
added 2022/03/12 12:0 a.m. | 35 views

Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI

FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys...

7.5 CVSS | 2.3 AI score | 0.01073 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
ATTACKERKB
added 2022/03/11 12:15 a.m. | 4 views

CVE-2022-25512

FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys...

7.5 CVSS | 5.3 AI score | 0.01073 EPSS
Exploits: 1 | References: 2