5292 matches found

RedHat Linux
added 2021/05/18 2:2 p.m. | 5 views

webkitgtk: use-after-free may lead to arbitrary code execution

A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability...

CVSS 8.8 | AI score 8 | EPSS 0.03266
Exploits: 1 | References: 5

OPENSUSE Linux
added 2021/05/18 12:0 a.m. | 38 views

Security update for prosody (important)

openSUSE Security Update: Security update for prosody Announcement ID: openSUSE-SU-2021:0751-1 Rating: important References: 1186027 Cross-References: CVE-2021-32917 CVE-2021-32918 CVE-2021-32919 CVE-2021-32920 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes four...

CVSS 7.8 | AI score 6.9 | EPSS 0.02261
Exploits: 0 | References: 1

Tenable Nessus
added 2021/05/17 12:0 a.m. | 37 views

Ubuntu 20.04 LTS : Eventlet vulnerability (USN-4956-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4956-1 advisory. It was discovered that Eventlet incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service. Tenable has extracte...

CVSS 5.3 | AI score 6.7 | EPSS 0.01792
Exploits: 0 | References: 2

Node.js
added 2021/05/13 8:29 p.m. | 88 views

Regular Expression Denial of Service

Overview: In websocket-extensions before version 0.1.4, there is a vulnerability which allows an attacker to exhaust the server's capacity to process incoming requests by sending a WebSocket handshake request containing a header of the following form: Sec-WebSocket-Extensions: a;...

CVSS 5 | AI score 3.6 | EPSS 0.02955
Exploits: 1 | Affected Software: 1

OSV
added 2021/05/10 3:15 p.m. | 3 views

CVE-2021-23010

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and 12.1.x before 12.1.5.3, when the BIG-IP ASM/Advanced WAF system processes WebSocket requests with JSON payloads using the default JSON Content Profile in the ASM Security Policy, the BIG-...

CVSS 7.5 | AI score 5.8 | EPSS 0.00961
Exploits: 0 | References: 1

NVD
added 2021/05/10 3:15 p.m. | 16 views

CVE-2021-23010

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and 12.1.x before 12.1.5.3, when the BIG-IP ASM/Advanced WAF system processes WebSocket requests with JSON payloads using the default JSON Content Profile in the ASM Security Policy, the BIG-...

CVSS 7.5 | EPSS 0.00961
Exploits: 0 | References: 1

Prion
added 2021/05/10 3:15 p.m. | 25 views

Design/Logic Flaw

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and 12.1.x before 12.1.5.3, when the BIG-IP ASM/Advanced WAF system processes WebSocket requests with JSON payloads using the default JSON Content Profile in the ASM Security Policy, the BIG-...

CVSS 5 | AI score 7.5 | EPSS 0.00961
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/05/10 2:24 p.m. | 25 views

CVE-2021-23010

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and 12.1.x before 12.1.5.3, when the BIG-IP ASM/Advanced WAF system processes WebSocket requests with JSON payloads using the default JSON Content Profile in the ASM Security Policy, the BIG-...

AI score 7.7 | EPSS 0.00961
Exploits: 0 | References: 1

CVE
added 2021/05/10 2:24 p.m. | 66 views

CVE-2021-23010

CVE-2021-23010 affects BIG-IP ASM/Advanced WAF: when processing WebSocket requests with JSON payloads using the default JSON Content Profile, the BIG-IP ASM bd process may produce a core file. Affected versions include 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x b...

CVSS 7.5 | AI score 7.6 | EPSS 0.00961
Exploits: 0 | References: 1 | Affected Software: 1

Veracode
added 2021/05/10 2:49 a.m. | 26 views

Denial Of Service (DoS)

eventlet is vulnerable to denial of service. The vulnerability exists because the size of a websocket frame is not restricted, leading to machine exhaustion when an attacker sends huge websocket frames...

CVSS 5.3 | AI score 2 | EPSS 0.01792
Exploits: 0 | References: 5 | Affected Software: 2

Github Security Blog
added 2021/05/07 3:50 p.m. | 46 views

Improper Handling of Highly Compressed Data (Data Amplification) and Memory Allocation with Excessive Size Value in eventlet

Impact: A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. Patches: Version 0.31.0 restricts websocket frame to reasonable limits. Workarounds: Restricting memory usa...

CVSS 5.3 | AI score 1.5 | EPSS 0.01792
Exploits: 0 | References: 7 | Affected Software: 1

OSV
added 2021/05/07 3:15 p.m. | 30 views

CVE-2021-21419

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to...

CVSS 5.3 | AI score 5.1
Exploits: 0 | References: 3

NVD
added 2021/05/07 3:15 p.m. | 16 views

CVE-2021-21419

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to...

CVSS 5.3 | EPSS 0.01792
Exploits: 0 | References: 3

OSV
added 2021/05/07 3:15 p.m. | 1 view

DEBIAN-CVE-2021-21419

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to...

CVSS 5.3 | AI score 6.6 | EPSS 0.01792
Exploits: 0 | References: 1

PyPA
added 2021/05/07 3:15 p.m. | 3 views

PYSEC-2021-12

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to...

CVSS 5.3 | AI score 6.9 | EPSS 0.01792
Exploits: 0 | References: 1 | Affected Software: 1

UbuntuCve
added 2021/05/07 3:15 p.m. | 22 views

CVE-2021-21419

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to...

CVSS 5.3 | AI score 6.8 | EPSS 0.01792
Exploits: 0 | References: 2

OSV
added 2021/05/07 3:15 p.m. | 2 views

UBUNTU-CVE-2021-21419

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to...

CVSS 5.3 | AI score 6.8 | EPSS 0.01792
Exploits: 0 | References: 3

Prion
added 2021/05/07 3:15 p.m. | 23 views

Code injection

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to...

CVSS 5 | AI score 5.3 | EPSS 0.01792
Exploits: 0 | References: 3 | Affected Software: 2

OSV
added 2021/05/07 3:15 p.m. | 41 views

PYSEC-2021-12

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to...

CVSS 5.3 | AI score 1 | EPSS 0.01792
Exploits: 0 | References: 1

Cvelist
added 2021/05/07 2:30 p.m. | 29 views

CVE-2021-21419 Improper Handling of Highly Compressed Data (Data Amplification) and Memory Allocation with Excessive Size Value in eventlet

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to...

CVSS 5.3 | AI score 5.8 | EPSS 0.01792
Exploits: 0 | References: 3