
5372 matches found

RedHat Linux
added 2021/08/12 6:57 a.m. · 4 views

dotnet: ASP.NET Core WebSocket frame processing DoS

An infinite loop error was found in ASP.NET when processing WebSocket frames. The exploitation of this issue can cause high CPU resource consumption. The highest threat from this vulnerability is to system availability...

CVSS 7.5 · AI score 5.7 · EPSS 0.03858
Exploits: 0 · References: 6

RedHat Linux
added 2021/08/12 6:57 a.m. · 90 views

Important: Red Hat Security Advisory: .NET 5.0 security and bugfix update

An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 7.5 · AI score 6.7 · EPSS 0.03858
Exploits: 0 · References: 4

RedHat Linux
added 2021/08/12 6:49 a.m. · 5 views

dotnet: ASP.NET Core WebSocket frame processing DoS

An infinite loop error was found in ASP.NET when processing WebSocket frames. The exploitation of this issue can cause high CPU resource consumption. The highest threat from this vulnerability is to system availability...

CVSS 7.5 · AI score 5.7 · EPSS 0.03858
Exploits: 0 · References: 6

RedHat Linux
added 2021/08/11 6:47 p.m. · 1 views

dotnet: ASP.NET Core WebSocket frame processing DoS

An infinite loop error was found in ASP.NET when processing WebSocket frames. The exploitation of this issue can cause high CPU resource consumption. The highest threat from this vulnerability is to system availability...

CVSS 7.5 · AI score 5.7 · EPSS 0.03858
Exploits: 0 · References: 6

RedHat Linux
added 2021/08/11 6:47 p.m. · 4 views

dotnet: ASP.NET Core WebSocket frame processing DoS

An infinite loop error was found in ASP.NET when processing WebSocket frames. The exploitation of this issue can cause high CPU resource consumption. The highest threat from this vulnerability is to system availability...

CVSS 7.5 · AI score 5.7 · EPSS 0.03858
Exploits: 0 · References: 6

RedHat Linux
added 2021/08/11 6:21 p.m. · 3 views

jetty: Resource exhaustion when receiving an invalid large TLS frame

When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability...

CVSS 7.8 · AI score 7.2 · EPSS 0.53861
Exploits: 1 · References: 5

RedHat Linux
added 2021/08/11 6:21 p.m. · 1 views

tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS

A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to...

CVSS 7.5 · AI score 7.1 · EPSS 0.87553
Exploits: 1 · References: 9

AlmaLinux
added 2021/08/11 6:21 p.m. · 46 views

Important: .NET Core 3.1 security and bugfix update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.118 and .NET Runtime 3.1.18...

CVSS 5 · AI score 2 · EPSS 0.03858
Exploits: 0 · References: 3

Tenable Nessus
added 2021/08/11 12:00 a.m. · 65 views

Security Update for .NET Core (August 2021)

The Microsoft .NET Core installation on the remote host is version 2.1.x prior to 2.1.29, 3.1.x prior to 3.1.18, or 5.x prior to 5.0.9. It is, therefore, affected by a denial of service (DoS) vulnerability, as server applications providing WebSocket endpoints can be tricked into endlessly looping...

CVSS 7.5 · AI score 7.1 · EPSS 0.03858
Exploits: 0 · References: 8

Tenable Nessus
added 2021/08/11 12:00 a.m. · 46 views

Security Update for .NET Core (August 2021) (macOS)

The Microsoft .NET Core installation on the remote host is version 2.1.x prior to 2.1.29, 3.1.x prior to 3.1.18, or 5.x prior to 5.0.9. It is, therefore, affected by multiple vulnerabilities, as follows: - An information disclosure vulnerability exists when dumps created by the tool to collect cra...

CVSS 7.5 · AI score 6.4 · EPSS 0.03858
Exploits: 0 · References: 9

RedhatCVE
added 2021/08/10 5:25 p.m. · 43 views

CVE-2021-26423

An infinite loop error was found in ASP.NET when processing WebSocket frames. The exploitation of this issue can cause high CPU resource consumption. The highest threat from this vulnerability is to system availability...

CVSS 7.5 · AI score 1.7 · EPSS 0.03858
Exploits: 0 · References: 5

Positive Technologies
added 2021/08/10 12:00 a.m. · 3 views

PT-2021-4178 · Microsoft +3 · Visual Studio +5

Name of the Vulnerable Software and Affected Versions: .NET Core versions 2.1 through 3.1; .NET Core version 5.0; Visual Studio (affected versions not specified). Description: A denial of service issue exists due to insufficient input validation. This could allow a remote attacker to cause a denial of...

CVSS 9.8 · AI score 6.8 · EPSS 0.30315
Exploits: 0 · References: 55

RedhatCVE
added 2021/08/09 1:56 a.m. · 138 views

CVE-2021-3690

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability...

CVSS 7.5 · AI score 2.7 · EPSS 0.01375
Exploits: 1 · References: 3

NVD
added 2021/08/02 2:15 p.m. · 10 views

CVE-2021-37840

aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within WebSocket messages at a ws:// URL for /webssh (the victim must have configured Terminal with at least one host). Successful exploitation depends on the browser used by a potential victim e.g., exploitatio...

CVSS 8.8 · EPSS 0.01661
Exploits: 2 · References: 2

OSV
added 2021/08/02 2:15 p.m. · 3 views

CVE-2021-37840

aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within WebSocket messages at a ws:// URL for /webssh (the victim must have configured Terminal with at least one host). Successful exploitation depends on the browser used by a potential victim e.g., exploitatio...

CVSS 8.8 · AI score 7.4 · EPSS 0.01661
Exploits: 2 · References: 2

Prion
added 2021/08/02 2:15 p.m. · 20 views

Cross site scripting

aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within WebSocket messages at a ws:// URL for /webssh (the victim must have configured Terminal with at least one host). Successful exploitation depends on the browser used by a potential victim e.g., exploitatio...

CVSS 6.8 · AI score 8.5 · EPSS 0.01661
Exploits: 2 · References: 2 · Affected Software: 1

Cvelist
added 2021/08/02 1:53 p.m. · 22 views

CVE-2021-37840

aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within WebSocket messages at a ws:// URL for /webssh (the victim must have configured Terminal with at least one host). Successful exploitation depends on the browser used by a potential victim e.g., exploitatio...

AI score 8.8 · EPSS 0.01661
Exploits: 2 · References: 2

CVE
added 2021/08/02 1:53 p.m. · 61 views

CVE-2021-37840

CVE-2021-37840 affects aaPanel up to version 6.8.12, enabling Cross-Site WebSocket Hijacking (CSWH) that can execute OS commands within WebSocket messages issued to ws://…/webssh. The victim must have Terminal configured with at least one host. Exploitation appears browser-dependent (e.g., feasib...

CVSS 8.8 · AI score 8.5 · EPSS 0.01661
Exploits: 2 · References: 2 · Affected Software: 1

CNNVD
added 2021/08/02 12:00 a.m. · 5 views

aaPanel security vulnerability

aaPanel is an open source hosting control panel. A security vulnerability exists in aaPanel LinuxStable 6.8.12, which allows attackers to conduct cross-site WebSocket hijacking (CSWH) and OS commands in WebSocket messages...

CVSS 8.8 · AI score 7.8 · EPSS 0.01661
Exploits: 2 · References: 2

OSV
added 2021/07/30 2:15 p.m. · 1 views

CVE-2020-16839

On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request...

CVSS 7.5 · AI score 7.1
Exploits: 0 · References: 4