118 matches found
CVE-2021-4236
Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not...
Authentication flaw
Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not...
CVE-2021-4236 Panic or authentication bypass in github.com/ecnepsnai/web
Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not...
CVE-2021-4236
CVE-2021-4236 affects github.com/ecnepsnai/web. WebSockets with an AuthenticateMethod hook do not execute any AuthenticateMethod, enabling a nil pointer dereference if UserData is assumed non-nil or allowing authentication bypass. Non-WebSocket request handlers are not vulnerable. No remediation/...
CVE-2021-4236 Panic or authentication bypass in github.com/ecnepsnai/web
Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not...
CVE-2022-36045
NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web sockets for instant interactions and real-time notifications. utils.generateUUID, a helper function available in essentially all versions of NodeBB as far back as v1.0.1 and...
Code injection
NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web sockets for instant interactions and real-time notifications. utils.generateUUID, a helper function available in essentially all versions of NodeBB as far back as v1.0.1 and...
CVE-2022-36045
CVE-2022-36045 affects NodeBB Forum Software. The root cause is a cryptographically weak PRNG used by the helper function utils.generateUUID (uses Math.random()), enabling an attacker to possibly calculate reset codes and takeover an account without victim involvement. Affected versions include e...
CVE-2022-36045 Account takeover via cryptographically weak PRNG in NodeBB Forum
NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web sockets for instant interactions and real-time notifications. utils.generateUUID, a helper function available in essentially all versions of NodeBB as far back as v1.0.1 and...
GO-2021-0107 Panic or authentication bypass in github.com/ecnepsnai/web
Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not...
GHSA-5GJG-JGH4-GPPM Websocket requests did not call AuthenticateMethod
Impact Depending on implementation, a denial-of-service or privilege escalation vulnerability may occur in software that uses the github.com/ecnepsnai/web package with Web Sockets that have an AuthenticateMethod. The AuthenticateMethod is not called, and UserData will be nil in request methods...
Websocket requests did not call AuthenticateMethod
Impact Depending on implementation, a denial-of-service or privilege escalation vulnerability may occur in software that uses the github.com/ecnepsnai/web package with Web Sockets that have an AuthenticateMethod. The AuthenticateMethod is not called, and UserData will be nil in request methods...
Google Chrome Security Update (stable-channel-update-for-desktop_16-2021-02) - Linux
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
CVE-2021-21157
Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Design/Logic Flaw
Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-21157
Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-21157
Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-21157
Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-21157
CVE-2021-21157 : Use-after-free in the Web Sockets component of Chromium/ Google Chrome on Linux prior to 88.0.4324.182. The underlying issue is a use-after-free that could allow a remote attacker to potentially execute arbitrary code via a crafted HTML page, with impact described as heap corrupt...
CVE-2021-21157
Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...