CVE-2023-45820

MEDIUM Year: 2023
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-755
View all →

Vulnerability Description

Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash Directus. This issue has been addressed in version 10.6.2. Users are advised to upgrade. Users unable to upgrade should avoid using websockets.

Related Vulnerabilities

CVE-2011-2336

MEDIUM
CVSS:6.5(Medium)

An issue exists in WebKit in Google Chrome before Blink M12. when clearing lists in AnimationControllerPrivate that signal when a hardware animation starts.

CWE-7552011

CVE-2011-2807

MEDIUM
CVSS:6.5(Medium)

Incorrect handling of timer information in Timer.cpp in WebKit in Google Chrome before Blink M13.

CWE-7552011

CVE-2016-11034

MEDIUM
CVSS:6.5(Medium)

An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. The decode function in Qjpeg in Qt 5.7 allows attackers to trigger a system crash via a malformed image. The Sams...

CWE-7552016

CVE-2017-9658

MEDIUM
CVSS:6.5(Medium)

Certain 802.11 network management messages have been determined to invoke wireless access point blacklisting security defenses when not required, which can necessitate intervention by hospital staff t...

CWE-7552017

CVE-2018-1269

MEDIUM
CVSS:6.5(Medium)

Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing cer...

CWE-7552018

CVE-2019-0144

MEDIUM
CVSS:6.5(Medium)

Unhandled exception in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an authenticated user to potentially enable a denial of service via local access.

CWE-7552019