Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.11 and earlier
Summary: This fix upgrades to grpc 1.55.1, jersey 2.39.1, jackson 2.15.2, and socket.io 4.6.2. Vulnerability Details: CVEID: CVE-2023-31125 DESCRIPTION: Engine.IO is vulnerable to a denial of service, caused by an uncaught exception. By sending a specially crafted HTTP request, a remote authenticate...
CVE-2023-32695
socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3...
DEBIAN-CVE-2023-32695
socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3...
Design/Logic Flaw
socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3...
CVE-2023-32695
socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3...
CVE-2023-32695
CVE-2023-32695 affects the socket.io-parser component (a Socket.IO encoder/decoder) used with Node.js services. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, causing the Node.js process to crash. A fix has been released in version 4.2.3 of socket....
CVE-2023-32695 Insufficient validation when decoding a Socket.IO packet
socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3...
CVE-2023-32695 Insufficient validation when decoding a Socket.IO packet
socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3...
CVE-2023-32695 Insufficient validation when decoding a Socket.IO packet
socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3...
CVE-2023-32695
socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3...
Socket.IO Code Issue Vulnerability
Socket.IO is a JavaScript library for real-time web applications from Socket.IO. A security vulnerability exists in Socket.IO versions prior to 4.2.3, which stems from a specially crafted Socket.IO packet that can kill Node.js processes by triggering an uncaught exception on the Socket.IO server...
Denial Of Service (DoS)
socket.io-parser is vulnerable to Denial of Service (DoS) attacks. A malicious user is able to trigger an uncaught exception on the Socket.IO server due to insufficient validation when decoding a Socket.IO packet, causing the application to crash by killing the Node.js process...
0.edsql (>=1.0.49 <=1.0.50), 10secondsofcode-custom (=1.0.0) +1919 more potentially affected by CVE-2023-32695 via socket.io-parser (>=4.0.5 <=4.2.2)
socket.io-parser NPM version =4.0.5, =1.0.49, =1.0.0, =0.0.28, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =1.0.1, =0.8.2, =1.0.0, =0.1.13, =0.0.4, =0.0.9 and more Source cves: CVE-2023-32695 Source advisory: OSV:GHSA-CQMJ-92XF-R6R9...
GHSA-CQMJ-92XF-R6R9 Insufficient validation when decoding a Socket.IO packet
Impact: A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. TypeError: Cannot convert object to primitive value at Socket.emit node:events:507:25 at .../node_modules/socket.io/lib/socket.js:531:14 Patches: A fix has been...
10cartsharing (>=1.0.0 <=1.0.3), 1api (>=0.0.1 <=0.0.2) +7953 more potentially affected by CVE-2023-32695 via socket.io-parser (>=2.2.2 <=3.3.0)
socket.io-parser NPM version =2.2.2, =1.0.0, =0.0.1, =0.0.1, =0.1.0, =1.0.2, =1.0.1, =2.16.1, =1.0.0-RC.1, =0.1.0, =1.0.1, =1.0.3 and more Source cves: CVE-2023-32695 Source advisory: OSV:GHSA-CQMJ-92XF-R6R9...
Insufficient validation when decoding a Socket.IO packet
Impact: A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. TypeError: Cannot convert object to primitive value at Socket.emit node:events:507:25 at .../node_modules/socket.io/lib/socket.js:531:14 Patches: A fix has been...
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities
Summary: IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...
CVE-2023-31125
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. An uncaught exception vulnerability was introduced in version 5.1.0 and included in version 4.1.0 of the socket.io parent package. Older versions are not impacted. A...
Cross site scripting
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. An uncaught exception vulnerability was introduced in version 5.1.0 and included in version 4.1.0 of the socket.io parent package. Older versions are not impacted. A...
CVE-2023-31125 Uncaught exception in engine.io
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. An uncaught exception vulnerability was introduced in version 5.1.0 and included in version 4.1.0 of the socket.io parent package. Older versions are not impacted. A...