5363 matches found
Integer overflow
An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections...
UBUNTU-CVE-2020-27813
An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections...
CVE-2020-27813
An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections...
CVE-2020-27813
An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections...
PT-2020-16801 · Unknown +1 · Http Server +1
Name of the Vulnerable Software and Affected Versions: HTTP Server (affected versions not specified). Description: The issue is related to an integer overflow vulnerability in the length of websocket frames received via a websocket connection. This flaw can be exploited by an attacker to cause a...
CVE-2020-27813
CVE-2020-27813 is a denial-of-service vulnerability in Gorilla WebSocket (golang-websocket) where an integer overflow in the length of received WebSocket frames could crash the HTTP server. Public advisories (Debian DLA-3420, Ubuntu USN-6208-1, Debian/DLA references) confirm the affected package ...
Gorilla Websocket Resource Management Error Vulnerability
Gorilla Websocket is a Go-based implementation of the Websocket codebase by the individual developers of Gorilla. A resource management error vulnerability exists in Gorilla WebSocket versions prior to 1.4.0, which stems from an integer overflow vulnerability in the length of a websocket frame...
Webkit WebSocket code execution vulnerability
Summary: A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability...
WebKitGTK Resource Management Error Vulnerability
WebKitGTK is a full-featured port of the WebKit rendering engine. A use-after-free vulnerability exists in the WebSocket functionality of WebKitGTK 2.30.0. An attacker could exploit the vulnerability to achieve remote code execution by tricking a user into visiting a specially crafted web page...
CVE-2020-27813
An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker could use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections...
Security Bulletin: Improper Authentication of Websocket Endpoint in IBM Spectrum Protect Operations Center
Summary: Improper authentication of a websocket endpoint in IBM Spectrum Protect Operations Center could allow a remote attacker to obtain sensitive information. Vulnerability Details: CVEID: CVE-2020-4771. DESCRIPTION: IBM Spectrum Protect Operations Center could allow a remote attacker to obtain...
CVE-2020-4771
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could...
Authentication flaw
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could...
CVE-2020-4771
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could...
CVE-2020-4771
IBM Spectrum Protect Operations Center contains a vulnerability (CVE-2020-4771) where improper authentication of a websocket endpoint could allow a remote attacker to obtain sensitive information by subscribing to the websocket event stream. Affected versions are IBM Spectrum Protect Operations C...
IBM Spectrum Protect Operations Center Information Disclosure Vulnerability (CNVD-2020-67638)
IBM Spectrum Protect Operations Center is a software from IBM USA that provides visual control for IBM Spectrum Protect environments. IBM Spectrum Protect Operations Center suffers from a sensitive information disclosure vulnerability caused by a failure to properly authenticate a websocket...
IBM Spectrum Protect Operations Center Authorization Issue Vulnerability
IBM Spectrum Protect Operations Center is a software from IBM USA that provides visual control for IBM Spectrum Protect environments. IBM Spectrum Protect Operations Center suffers from a sensitive information disclosure vulnerability caused by a failure to properly authenticate a websocket...
Security Bulletin: CVE-2020-13935 The payload length in a WebSocket frame was not correctly validated
Summary: The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a...
tomcat: request mixup
A flaw was found in the tomcat package. When a web application sends a WebSocket message concurrently with the WebSocket connection closing, the application may continue to use the socket after it has been closed. In this case, the error handling triggered could cause the pooled object to be plac...
Moderate: Red Hat Security Advisory: qt5-qtbase and qt5-qtwebsockets security and bug fix update
An update for qt5-qtbase, qt5-qttools, and qt5-qtwebsockets is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...