Lucene search
+L

118 matches found

OSV
OSV
added 2022/12/27 10:15 p.m.32 views

CVE-2021-4236

Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not...

9.8CVSS9.7AI score
Exploits0References2
Prion
Prion
added 2022/12/27 10:15 p.m.80 views

Authentication flaw

Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not...

7.5CVSS9.6AI score0.01116EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/12/27 9:13 p.m.29 views

CVE-2021-4236 Panic or authentication bypass in github.com/ecnepsnai/web

Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not...

9.9AI score0.01116EPSS
Exploits1References2
CVE
CVE
added 2022/12/27 9:13 p.m.88 views

CVE-2021-4236

CVE-2021-4236 affects github.com/ecnepsnai/web. WebSockets with an AuthenticateMethod hook do not execute any AuthenticateMethod, enabling a nil pointer dereference if UserData is assumed non-nil or allowing authentication bypass. Non-WebSocket request handlers are not vulnerable. No remediation/...

9.8CVSS9.7AI score0.01116EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/27 9:13 p.m.4 views

CVE-2021-4236 Panic or authentication bypass in github.com/ecnepsnai/web

Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not...

9.7AI score0.01116EPSS
Exploits1References2
NVD
NVD
added 2022/08/31 3:15 p.m.42 views

CVE-2022-36045

NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web sockets for instant interactions and real-time notifications. utils.generateUUID, a helper function available in essentially all versions of NodeBB as far back as v1.0.1 and...

9.8CVSS0.01052EPSS
Exploits0References3
Prion
Prion
added 2022/08/31 3:15 p.m.23 views

Code injection

NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web sockets for instant interactions and real-time notifications. utils.generateUUID, a helper function available in essentially all versions of NodeBB as far back as v1.0.1 and...

7.5CVSS9.4AI score0.01052EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/08/31 3:10 p.m.79 views

CVE-2022-36045

CVE-2022-36045 affects NodeBB Forum Software. The root cause is a cryptographically weak PRNG used by the helper function utils.generateUUID (uses Math.random()), enabling an attacker to possibly calculate reset codes and takeover an account without victim involvement. Affected versions include e...

9.8CVSS9.3AI score0.01052EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/08/31 3:10 p.m.55 views

CVE-2022-36045 Account takeover via cryptographically weak PRNG in NodeBB Forum

NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web sockets for instant interactions and real-time notifications. utils.generateUUID, a helper function available in essentially all versions of NodeBB as far back as v1.0.1 and...

9CVSS9.7AI score0.01052EPSS
Exploits0References3
OSV
OSV
added 2021/07/28 6:8 p.m.42 views

GO-2021-0107 Panic or authentication bypass in github.com/ecnepsnai/web

Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not...

9.8CVSS9.6AI score0.01116EPSS
Exploits1References1
OSV
OSV
added 2021/06/23 5:26 p.m.12 views

GHSA-5GJG-JGH4-GPPM Websocket requests did not call AuthenticateMethod

Impact Depending on implementation, a denial-of-service or privilege escalation vulnerability may occur in software that uses the github.com/ecnepsnai/web package with Web Sockets that have an AuthenticateMethod. The AuthenticateMethod is not called, and UserData will be nil in request methods...

9.8CVSS9.7AI score0.01116EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2021/06/23 5:26 p.m.30 views

Websocket requests did not call AuthenticateMethod

Impact Depending on implementation, a denial-of-service or privilege escalation vulnerability may occur in software that uses the github.com/ecnepsnai/web package with Web Sockets that have an AuthenticateMethod. The AuthenticateMethod is not called, and UserData will be nil in request methods...

9.8CVSS1.8AI score0.01116EPSS
Exploits1References5Affected Software1
OpenVAS
OpenVAS
added 2021/02/23 12:0 a.m.24 views

Google Chrome Security Update (stable-channel-update-for-desktop_16-2021-02) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

9.6CVSS9.9AI score0.09458EPSS
Exploits8References1
OSV
OSV
added 2021/02/22 10:15 p.m.5 views

CVE-2021-21157

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS9.5AI score
Exploits0References5
Prion
Prion
added 2021/02/22 10:15 p.m.22 views

Design/Logic Flaw

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

6.8CVSS9AI score0.09458EPSS
Exploits1References5Affected Software4
UbuntuCve
UbuntuCve
added 2021/02/22 10:15 p.m.29 views

CVE-2021-21157

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.2AI score0.09458EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/02/22 9:20 p.m.19 views

CVE-2021-21157

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

9.3AI score0.09458EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2021/02/22 9:20 p.m.26 views

CVE-2021-21157

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS9.5AI score0.09458EPSS
Exploits1
CVE
CVE
added 2021/02/22 9:20 p.m.841 views

CVE-2021-21157

CVE-2021-21157 : Use-after-free in the Web Sockets component of Chromium/ Google Chrome on Linux prior to 88.0.4324.182. The underlying issue is a use-after-free that could allow a remote attacker to potentially execute arbitrary code via a crafted HTML page, with impact described as heap corrupt...

8.8CVSS9AI score0.09458EPSS
Exploits1References5Affected Software2
AlpineLinux
AlpineLinux
added 2021/02/22 9:20 p.m.45 views

CVE-2021-21157

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS9.3AI score0.09458EPSS
Exploits1
Rows per page
Query Builder