5357 matches found
CVE-2020-9345
The CVE affects signotec signoPAD-API/Web (formerly Websocket Pad Server) on Windows prior to version 3.1.1. Root cause: the application does not limit the number of opened WebSocket sockets, enabling a Denial of Service when a victim visits an attacker-controlled site. Reported impact is partial...
CVE-2020-9343
An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the implementation doesn't limit the parsing of nested JSON structures. If a victim visits an attacker-controlled website, this...
CVE-2020-9343
CVE-2020-9343 affects signotec signoPAD-API/Web (Windows) prior to 3.1.1. The issue arises from unbounded parsing of nested JSON structures in WebSocket data, enabling a DoS when a victim visits an attacker‑controlled site and sends deeply nested JSON arrays. Affected component is the Websocket P...
CVE-2019-17654
An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack...
Cross site scripting
An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack...
CVE-2019-17654
CVE-2019-17654 pertains to FortiManager: an insufficient verification of data authenticity vulnerability could allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack. Affected products/versions are FortiManager 6.2.1, 6.2.0, 6.0.6 and below. The connected doc...
Important: tomcat
Issue Overview: The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88. (CVE-2018-8034) The URL pattern of "" (the empty string) which...
CVE-2018-21035
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption)...
CVE-2020-10101
An issue was discovered in Zammad 3.0 through 3.2. The WebSocket server crashes when messages in non-JSON format are sent by an attacker. The message format is not properly checked and parsing errors not handled. This leads to a crash of the service process...
Format string
An issue was discovered in Zammad 3.0 through 3.2. The WebSocket server crashes when messages in non-JSON format are sent by an attacker. The message format is not properly checked and parsing errors not handled. This leads to a crash of the service process...
CVE-2020-10101
CVE-2020-10101 affects Zammad 3.0–3.2 where the WebSocket server crashes when non‑JSON messages are sent. The root cause is inadequate validation of message format and unhandled parsing errors, causing a service process crash. Public details in the connected sources reiterate the same description...
DEBIAN-CVE-2018-21035
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption)...
AZL-6833 CVE-2018-21035 affecting package qt5-qtsvg for versions less than 5.12.11-3
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption)...