Lucene search
K

203 matches found

SUSE CVE
SUSE CVE
added 2023/02/28 3:27 a.m.4 views

SUSE CVE-2023-26103

Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service ReDoS due to the upgradeWebSocket function, which contains regexes in the form of /s,s/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...

7.5CVSS6.9AI score0.01229EPSS
Exploits1References3
OSV
OSV
added 2023/02/25 5:0 a.m.22 views

CVE-2023-26103

Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service ReDoS due to the upgradeWebSocket function, which contains regexes in the form of /s,s/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...

5.3CVSS7.5AI score0.01229EPSS
Exploits1References7
CNNVD
CNNVD
added 2022/11/14 12:0 a.m.6 views

patrickfuller camp 安全漏洞

patrickfuller camp patrickfuller camp is a websocket-based Raspberry Pi webcam web server by the individual developer Patrick Fuller. A security vulnerability exists in patrickfuller camp commit number: bbd53a256ed70e79bd8758080936afbf6d738767, which stems from the fact that its...

9.8CVSS8.3AI score0.49201EPSS
Exploits3References7
Kitploit
Kitploit
added 2022/09/09 12:30 p.m.80 views

Gohide - Tunnel Port To Port Traffic Over An Obfuscated Channel With AES-GCM Encryption

Tunnel port to port traffic via an obfuscated channel with AES-GCM encryption. Obfuscation Modes Session Cookie HTTP GET http-client Set-Cookie Session Cookie HTTP/2 200 OK http-server WebSocket Handshake "Sec-WebSocket-Key" websocket-client WebSocket Handshake "Sec-WebSocket-Accept"...

7.6AI score
Exploits0References1
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.21 views

Mageia: Security Advisory (MGASA-2015-0010)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.5AI score0.09525EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/01/14 12:0 a.m.2 views

PT-2022-4676 · Libexpat +2 · Libexpat +2

Name of the Vulnerable Software and Affected Versions: Prosody affected versions not specified Description: The issue is related to the implementation of the WebSocket server module for Jabber/XMPP in Prosody, which is associated with incorrect restriction of XML links to external objects. This c...

7.8CVSS7.5AI score0.04563EPSS
Exploits2References44
OSV
OSV
added 2020/09/01 9:18 p.m.14 views

GHSA-77Q4-M83Q-W76V Missing Origin Validation in browserify-hmr

Versions of browserify-hmr prior to 0.4.0 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement HMR are not validated...

7.5CVSS7.5AI score0.01691EPSS
Exploits1References6
Prion
Prion
added 2020/05/18 12:15 a.m.9 views

Design/Logic Flaw

An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code that accesses a user's data via...

5CVSS5.6AI score0.01008EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/05/17 11:5 p.m.27 views

CVE-2019-20801

An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code that accesses a user's data via...

5.6AI score0.01008EPSS
Exploits1References2
CVE
CVE
added 2020/05/17 11:5 p.m.54 views

CVE-2019-20801

CVE-2019-20801 affects the Readdle Documents iOS app up to version 6.9.7. The file-transfer web server allows cross-origin requests from any domain, and the WebSocket server lacks authorization control, enabling any website to execute JavaScript that can access a user’s data via cross-origin requ...

5.3CVSS5.5AI score0.01008EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2020/03/05 1:15 a.m.20 views

CVE-2020-10101

An issue was discovered in Zammad 3.0 through 3.2. The WebSocket server crashes when messages in non-JSON format are sent by an attacker. The message format is not properly checked and parsing errors not handled. This leads to a crash of the service process...

7.5CVSS7.5AI score0.01091EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/03/05 12:37 a.m.22 views

CVE-2020-10101

An issue was discovered in Zammad 3.0 through 3.2. The WebSocket server crashes when messages in non-JSON format are sent by an attacker. The message format is not properly checked and parsing errors not handled. This leads to a crash of the service process...

7.5AI score0.01091EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2019/10/15 6:37 a.m.35 views

CVE-2017-2670

It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS...

7.5CVSS1.6AI score0.03662EPSS
Exploits0References1
OSV
OSV
added 2019/01/04 5:40 p.m.20 views

GHSA-CF66-XWFP-GVC4 Missing Origin Validation in webpack-dev-server

Versions of webpack-dev-server before 3.1.10 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement HMR are not validated...

7.5CVSS7.2AI score0.02534EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2019/01/04 5:40 p.m.31 views

Missing Origin Validation in webpack-dev-server

Versions of webpack-dev-server before 3.1.10 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement HMR are not validated...

7.5CVSS4.8AI score0.02534EPSS
Exploits1References7Affected Software1
ThreatPost
ThreatPost
added 2018/12/14 3:55 p.m.12 views

Logitech Keystroke Injection Flaw Went Unaddressed for Months

Computer peripheral giant Logitech has finally issued a patched version of its Logitech Options desktop app, after being taken to task for a months-old security flaw. The bug could have allowed adversaries to launch keystroke injection attacks against Logitech keyboard owners that used the app...

0.8AI score
Exploits0References6
Veracode
Veracode
added 2018/11/09 6:26 a.m.12 views

Code Sniffing

browserify-hms is vulnerable to code sniffing. The code sniffing is possible because WebSocket server for HMR Hot Module Replacement does not validate the origin of the request, allowing unauthorised users to access HMR message sent by the WebSocket server via a ws://127.0.0.1:8080/ connection fr...

7.5CVSS7.4AI score0.01691EPSS
Exploits1References4Affected Software1
Node.js
Node.js
added 2018/11/07 7:5 p.m.19 views

Missing Origin Validation

Overview Versions of browserify-hmr prior to 0.4.0 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement HMR are not...

5CVSS2.3AI score0.01691EPSS
Exploits1Affected Software1
Node.js
Node.js
added 2018/11/02 3:41 a.m.26 views

Missing Origin Validation

Overview Versions of parcel-bundler before 1.10.0 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement HMR are not...

5CVSS2.3AI score0.02327EPSS
Exploits1Affected Software1
OSV
OSV
added 2018/10/30 8:36 p.m.15 views

GHSA-37Q6-576Q-VGR7 Missing Origin Validation in parcel-bundler

Versions of parcel-bundler before 1.10.0 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement HMR are not validated...

7.5CVSS7.5AI score0.02327EPSS
Exploits1References9
Rows per page
Query Builder