CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5309 matches found

Prion•added 2022/04/28 8:15 p.m.•15 views

Cross site scripting

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking...

6.8CVSS8.6AI score0.00958EPSS

Exploits0References2Affected Software1

Cvelist•added 2022/04/28 7:44 p.m.•15 views

CVE-2022-29555

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking...

8.9AI score0.00449EPSS

Exploits0References2

CNNVD•added 2022/04/28 12:0 a.m.•6 views

Northern.tech Mender Enterprise 跨站请求伪造漏洞

Northern.tech Mender Enterprise is a wireless update manager for IoT devices from Northern.tech. A security vulnerability exists in Northern.tech Mender Enterprise prior to version 3.2.2, which stems from a cross-domain websocket hijacking allowed via the Deviceconnect microservice from 1.3.0...

8.8CVSS8.2AI score0.00449EPSS

Exploits0References3

RedHat Linux•added 2022/04/12 7:6 p.m.•0 views

tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS

A memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection does not release for WebSocket connections once the WebSocket connection is closed. If a sufficient number of such requests are made, an OutOfMemoryError occurs, leading to a denial of service. The highest threat from...

7.5CVSS6.7AI score0.10997EPSS

Exploits0References9

CNNVD•added 2022/04/12 12:0 a.m.•5 views

Aethon TUG Home Base Server 安全漏洞

Aethon TUG Home Base Server is a robotics server from Aethon, Inc. It is used to control and communicate with autonomous mobile robots. Aethon TUG Home Base Server has a security vulnerability that originates from an unauthenticated attacker being able to connect to the TUG Home Base Server...

8.2CVSS8AI score0.00657EPSS

Exploits0References4

RedHat Linux•added 2022/03/23 8:22 a.m.•0 views

undertow: buffer leak on incoming websocket PONG message may lead to DoS

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability...

7.5CVSS7.2AI score0.01375EPSS

Exploits1References4

Tenable Nessus•added 2022/03/20 12:0 a.m.•37 views

openSUSE 15 Security Update : weechat (openSUSE-SU-2022:0083-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0083-1 advisory. - WeeChat before 3.2.1 allows remote attackers to cause a denial of service crash via a crafted WebSocket frame that trigger an out-of-bounds read i...

7.5CVSS7.2AI score0.01543EPSS

Exploits0References4

OSV•added 2022/03/18 12:15 p.m.•4 views

CVE-2022-24595

Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. To exploit the vulnerability, an attacker should send a well-crafted HTTP or WebSocket request to the socket listened by the afb-daemon process. No...

9.8CVSS5.8AI score0.01953EPSS

Exploits1References1

NVD•added 2022/03/18 12:15 p.m.•11 views

CVE-2022-24595

9.8CVSS0.01953EPSS

Exploits1References1

Prion•added 2022/03/18 12:15 p.m.•12 views

Design/Logic Flaw

7.5CVSS9.3AI score0.01953EPSS

Exploits1References1Affected Software1

Cvelist•added 2022/03/18 11:16 a.m.•14 views

CVE-2022-24595

9.6AI score0.01953EPSS

Exploits1References1

OSV•added 2022/03/15 7:38 p.m.•31 views

GO-2021-0321

An attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification...

5.9CVSS2.5AI score0.00619EPSS

Exploits0References3

Veracode•added 2022/03/14 9:57 a.m.•26 views

Information Disclosure

FreeTAKServer-UI is vulnerable to information disclosure. The vulnerability exists because it exposes sensitive API and Websocket keys through the leakage of the RestAPI and Websocket tokens in WebUI...

7.5CVSS0.7AI score0.01073EPSS

Exploits1References1Affected Software1

CNVD•added 2022/03/14 12:0 a.m.•21 views

FreeTAKServer-UI Information Disclosure Vulnerability

FreeTAKServer-UI is an open source FTS web interface from the FreeTAKTeam.FreeTAKServer-UI has an information disclosure vulnerability that stems from the fact that the WebUI leaks the RestAPI and Websocket tokens in the javascript source code, which can be exploited by an attacker to cause a...

7.5CVSS1.5AI score0.01073EPSS

Exploits1References1