
5369 matches found

Tenable Nessus
added 2021/03/10 12:0 a.m. | 38 views

NewStart CGSL MAIN 6.02 : libvncserver Vulnerability (NS-SA-2021-0050)

The remote NewStart CGSL host, running version MAIN 6.02, has libvncserver packages installed that are affected by a vulnerability: - It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by...

CVSS 9.8 | AI score 8.7 | EPSS 0.02259
Exploits 0 | References 2

Tenable Nessus
added 2021/03/10 12:0 a.m. | 32 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : libvncserver Vulnerability (NS-SA-2021-0005)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libvncserver packages installed that are affected by a vulnerability: - It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploi...

CVSS 9.8 | AI score 8.7 | EPSS 0.02259
Exploits 0 | References 2

Tenable Nessus
added 2021/03/10 12:0 a.m. | 65 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : tomcat Multiple Vulnerabilities (NS-SA-2021-0028)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has tomcat packages installed that are affected by multiple vulnerabilities: - When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacke...

CVSS 7.5 | AI score 7.5 | EPSS 0.87553
Exploits 1 | References 4

Tenable Nessus
added 2021/03/10 12:0 a.m. | 30 views

NewStart CGSL MAIN 6.02 : qt5-qtwebsockets Vulnerability (NS-SA-2021-0085)

The remote NewStart CGSL host, running version MAIN 6.02, has qt5-qtwebsockets packages installed that are affected by a vulnerability: - In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier...

CVSS 8.6 | AI score 7.5 | EPSS 0.02281
Exploits 1 | References 2

OpenVAS
added 2021/03/08 12:0 a.m. | 25 views

Fedora: Security Advisory for python-aiohttp (FEDORA-2021-673b10ed77)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.1 | AI score 6.4 | EPSS 0.01905
Exploits 0 | References 2

RedhatCVE
added 2021/03/01 11:33 a.m. | 24 views

CVE-2020-11050

In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0...

CVSS 6.8 | AI score 1.6 | EPSS 0.00771
Exploits 0 | References 3

RedHat Linux
added 2021/02/24 3:9 p.m. | 125 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update

Red Hat OpenShift Container Platform release 4.7.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 10 | AI score 8.1 | EPSS 0.69062
Exploits 4 | References 1706

OSV
added 2021/02/22 10:15 p.m. | 0 views

DEBIAN-CVE-2021-21157

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 8.2 | EPSS 0.09458
Exploits 1 | References 1

Packet Storm
added 2021/02/20 12:0 a.m. | 371 views

Apache MyFaces 2.x Cross Site Request Forgery

Certitude Security Advisory - CSA-2021-001 PRODUCT : Apache MyFaces VENDOR : The Apache Software Foundation SEVERITY : High AFFECTED VERSION : =2.2.13, =2.3.7, =2.3-next-M4, =2.1 branches IDENTIFIERS : CVE-2021-26296 PATCH VERSION : 2.2.14, 2.3.8, 2.3-next-M5, 3.0.0 FOUND BY : Wolfgang Ettlinger,...

AI score 0.7 | EPSS 0.03026
Exploits 3

0day.today
added 2021/02/20 12:0 a.m. | 58 views

Apache MyFaces 2.x Cross Site Request Forgery Vulnerability

PRODUCT : Apache MyFaces VENDOR : The Apache Software Foundation SEVERITY : High AFFECTED VERSION : =2.2.13, =2.3.7, =2.3-next-M4, =2.1 branches IDENTIFIERS : CVE-2021-26296 PATCH VERSION : 2.2.14, 2.3.8, 2.3-next-M5, 3.0.0 FOUND BY : Wolfgang Ettlinger, Certitude Lab Introduction ------------...

CVSS 7.5 | AI score 0.7 | EPSS 0.03026
Exploits 3

BDU FSTEC
added 2021/02/19 12:0 a.m. | 5 views

The vulnerability of the web-socket technology implementation in Google Chrome’s web browser allows a hacker to gain unauthorized access to protected information.

The vulnerability of the Google Chrome web browser’s web socket technology lies in the use of memory after it is freed. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVSS 7.3 | AI score 7.6 | EPSS 0.09458
Exploits 1 | References 12 | Affected Software 6

Hacker One
added 2021/02/13 3:55 p.m. | 106 views

Nextcloud: bypassing dashboard without account + Information disclosure trough websockets

Summary: I found an information disclosure for bypassing parameter url attacker can redirect to dashboard without login user/pass page and websocket can be exposed in response/dashboard. URL Affected https://support.nextcloud.com/passwordreset Steps To Reproduce: Opened directory at...

AI score 6.6
Exploits 0

OSV
added 2021/02/12 6:15 p.m. | 2 views

CVE-2021-22976

On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU...

CVSS 7.5 | AI score 7.1 | EPSS 0.00961
Exploits 0 | References 1

Prion
added 2021/02/12 6:15 p.m. | 24 views

Code injection

On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU...

CVSS 5 | AI score 7.5 | EPSS 0.00961
Exploits 0 | References 1 | Affected Software 2

Cvelist
added 2021/02/12 5:43 p.m. | 42 views

CVE-2021-22976

On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU...

AI score 7.7 | EPSS 0.00961
Exploits 0 | References 1

CVE
added 2021/02/12 5:43 p.m. | 94 views

CVE-2021-22976

The CVE-2021-22976 issue affects F5 BIG-IP products with Advanced WAF/ASM. When the ASM system processes WebSocket requests containing JSON payloads, an unusually large number of parameters can cause excessive CPU usage in the bd process, potentially impacting request processing latency. Affected...

CVSS 7.5 | AI score 7.5 | EPSS 0.00961
Exploits 0 | References 1 | Affected Software 2

Tenable Nessus
added 2021/02/11 12:0 a.m. | 38 views

F5 Networks BIG-IP : BIG-IP ASM WebSocket vulnerability (K88230177)

The version of F5 Networks BIG-IP installed on the remote host is prior to 12.1.5.3 / 13.1.3.6 / 14.1.3.1 / 15.1.2 / 16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K88230177 advisory. - On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x...

CVSS 7.5 | AI score 7.5 | EPSS 0.00961
Exploits 0 | References 2

Packet Storm
added 2021/02/08 12:0 a.m. | 250 views

SmartFoxServer 2X 2.17.0 God Mode Console WebSocket Cross Site Scripting

SmartFoxServer 2X 2.17.0 God Mode Console WebSocket XSS Vendor: gotoAndPlay Product web page: https://www.smartfoxserver.com Affected version: Server: 2.17.0 Remote Admin: 3.2.6 SmartFoxServer 2X, Pro, Basic Summary: SmartFoxServer SFS is a comprehensive SDK for rapidly developing multiplayer gam...

AI score 5.6 | EPSS 0.01347
Exploits 3

Exploit DB
added 2021/02/08 12:0 a.m. | 275 views

SmartFoxServer 2X 2.17.0 - God Mode Console WebSocket XSS

Exploit Title: SmartFoxServer 2X 2.17.0 - God Mode Console WebSocket XSS Date: 29.01.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.smartfoxserver.com Vendor: gotoAndPlay Product web page: https://www.smartfoxserver.com Affected version: Server: 2.17.0 Remote Admin: 3.2.6...

AI score 7.4
Exploits 0

Tenable Nessus
added 2021/02/04 12:0 a.m. | 75 views

EulerOS 2.0 SP5 : libvncserver (EulerOS-SA-2021-1208)

According to the versions of the libvncserver package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service...

CVSS 9.8 | AI score 9 | EPSS 0.03717
Exploits 0 | References 3