Lucene search
K

41 matches found

Prion
Prion
added 2022/05/20 12:15 p.m.14 views

Cross site scripting

Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing CORS vulnerability which can allow an unprivileged remote attacker, if they can trick a user into browse malicious site, to obtain an 'ID' that can be used to send websocket requests and achieve RCE...

6.8CVSS8.5AI score0.00623EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2022/05/14 2:5 a.m.3 views

GHSA-75CW-5CGV-G853 IPython Notebook vulnerable to improper validation of the origin of websocket requests

IPython Notebook 0.12 through 1.x before 1.2.0 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page...

9.8CVSS7.3AI score0.04665EPSS
Exploits0References13
OSV
OSV
added 2022/03/18 12:15 p.m.6 views

CVE-2022-24595

Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. To exploit the vulnerability, an attacker should send a well-crafted HTTP or WebSocket request to the socket listened by the afb-daemon process. No...

9.8CVSS5.8AI score0.01953EPSS
Exploits1References1
Prion
Prion
added 2021/05/10 3:15 p.m.28 views

Design/Logic Flaw

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and 12.1.x before 12.1.5.3, when the BIG-IP ASM/Advanced WAF system processes WebSocket requests with JSON payloads using the default JSON Content Profile in the ASM Security Policy, the BIG-...

5CVSS7.5AI score0.00961EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/05/10 2:24 p.m.28 views

CVE-2021-23010

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and 12.1.x before 12.1.5.3, when the BIG-IP ASM/Advanced WAF system processes WebSocket requests with JSON payloads using the default JSON Content Profile in the ASM Security Policy, the BIG-...

7.7AI score0.00961EPSS
Exploits0References1
CVE
CVE
added 2021/05/10 2:24 p.m.73 views

CVE-2021-23010

CVE-2021-23010 affects BIG-IP ASM/Advanced WAF: when processing WebSocket requests with JSON payloads using the default JSON Content Profile, the BIG-IP ASM bd process may produce a core file. Affected versions include 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x b...

7.5CVSS7.6AI score0.00961EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2021/02/12 6:15 p.m.3 views

CVE-2021-22976

On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU...

7.5CVSS7.1AI score0.00961EPSS
Exploits0References1
Prion
Prion
added 2021/02/12 6:15 p.m.24 views

Code injection

On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU...

5CVSS7.5AI score0.00961EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2019/06/18 9:15 p.m.23 views

Design/Logic Flaw

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of executing various actions on the web management interface. It seems that the device does not implement any Origin header check which allows an...

6.8CVSS8.8AI score0.02597EPSS
Exploits1References3Affected Software3
Cvelist
Cvelist
added 2019/06/18 8:47 p.m.27 views

CVE-2017-8337

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of executing various actions on the web management interface. It seems that the device does not implement any Origin header check which allows an...

8.9AI score0.02597EPSS
Exploits1References3
CNVD
CNVD
added 2019/06/03 12:0 a.m.2 views

HPE Intelligent Management Center Remote Code Execution Vulnerability (CNVD-2019-24789)

HPE Intelligent Management Center is a suite of network intelligence management center solutions. The solution provides network-wide visibility and enables comprehensive management of resources, services and users. A code execution vulnerability exists in the Shape3DWebSocketServlet servlet in HP...

9CVSS7.7AI score0.05813EPSS
Exploits0References1
CNVD
CNVD
added 2018/03/23 12:0 a.m.6 views

F5 BIG-IP Arbitrary Code Execution Vulnerability (CNVD-2018-07456)

The BIG-IP platform is the intelligent evolution of Application Delivery Controller ADC technology.The BIG-IP system is at the heart of the information flow between applications and users and ensures that the flow of information between applications and users is seamless. The F5 product modules...

9.3CVSS7.9AI score0.04534EPSS
Exploits0References1
OSV
OSV
added 2018/03/19 6:29 p.m.20 views

CVE-2018-1221

In cf-deployment before 1.14.0 and routing-release before 0.172.0, the Cloud Foundry Gorouter mishandles WebSocket requests for AWS Application Load Balancers ALBs and some other HTTP-aware Load Balancers. A user with developer privileges could use this vulnerability to steal data or cause denial...

8.1CVSS8.2AI score0.01235EPSS
Exploits0References1
Veracode
Veracode
added 2018/02/01 5:15 a.m.10 views

Cross-site Request Forgery (CSRF)

github.com/gobuffalo/buffalo is vulnerable to cross-site request forgery CSRF attacks. The library does not disable cross-origin websocket requests, allowing a malicious user to conduct a cross-site request forgery attack...

6.6AI score
Exploits0
Node.js
Node.js
added 2016/03/28 5:34 p.m.25 views

No CSRF Validation

Overview Affected versions of droppy are vulnerable to cross-site socket forgery. The package does not perform verification for cross-domain websocket requests, and as a result, an attacker can create a web page that opens up a websocket connection on behalf of the user visiting the page. The...

6.8CVSS4.3AI score0.00493EPSS
Exploits0Affected Software1
securityvulns
securityvulns
added 2014/08/11 12:0 a.m.78 views

[ MDVSA-2014:157 ] ipython

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:157 http://www.mandriva.com/en/support/security/ Package : ipython Date : August 8, 2014 Affected: Business Server 1.0 Problem Description: Updated ipython package fixes security vulnerability: In IPython...

6.8CVSS6.5AI score0.04665EPSS
Exploits0
OSV
OSV
added 2014/08/07 11:13 a.m.7 views

CVE-2014-3429

IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page...

7.3AI score
Exploits0References11
Cvelist
Cvelist
added 2014/08/07 10:0 a.m.39 views

CVE-2014-3429

IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page...

7.2AI score0.04665EPSS
Exploits0References9
Debian CVE
Debian CVE
added 2014/08/07 10:0 a.m.31 views

CVE-2014-3429

IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page...

6.8CVSS7.3AI score0.04665EPSS
Exploits0
OSV
OSV
added 2014/08/06 10:31 a.m.4 views

MGASA-2014-0320 Updated ipython package fixes security vulnerability

In IPython before 1.2, the origin of websocket requests was not verified within the IPython notebook server. If an attacker has knowledge of an IPython kernel id they can run arbitrary code on a user's machine when the client visits a crafted malicious page CVE-2014-3429...

6.8CVSS6.7AI score0.04665EPSS
Exploits0References4
Rows per page
Query Builder