
7 matches found

Veracode
added 2022/11/01 5:10 a.m., 28 views

Type Confusion

socket.io-parser is vulnerable to type confusion. It is possible to overwrite the placeholder object due to improper type validation of attachment parsing in the reconstructPacket function, which allows an attacker to place references to functions at arbitrary places in the resulting query object...

10 CVSS | 8.9 AI score | 0.01121 EPSS
Exploits 0 | References 8 | Affected Software 1

NVD
added 2022/10/26 10:15 a.m., 22 views

CVE-2022-2421

Due to improper type validation in attachment parsing in the Socket.io js library, it is possible to overwrite the placeholder object, which allows an attacker to place references to functions at arbitrary places in the resulting query object...

10 CVSS | 0.01121 EPSS
Exploits 0 | References 2

Prion
added 2022/10/26 10:15 a.m., 27 views

Input validation

Due to improper type validation in attachment parsing in the Socket.io js library, it is possible to overwrite the placeholder object, which allows an attacker to place references to functions at arbitrary places in the resulting query object...

7.5 CVSS | 9.3 AI score | 0.01121 EPSS
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2022/10/25 12:0 a.m., 20 views

CVE-2022-2421 Socket.io - Improper type validation in attachment parsing

Due to improper type validation in attachment parsing in the Socket.io js library, it is possible to overwrite the placeholder object, which allows an attacker to place references to functions at arbitrary places in the resulting query object...

10 CVSS | 6.8 AI score | 0.01121 EPSS
Exploits 0 | References 2

Cvelist
added 2022/10/25 12:0 a.m., 30 views

CVE-2022-2421 Socket.io - Improper type validation in attachment parsing

Due to improper type validation in attachment parsing in the Socket.io js library, it is possible to overwrite the placeholder object, which allows an attacker to place references to functions at arbitrary places in the resulting query object...

10 CVSS | 9.6 AI score | 0.01121 EPSS
Exploits 0 | References 2

CVE
added 2022/10/25 12:0 a.m., 224 views

CVE-2022-2421

CVE-2022-2421: The vulnerability arises from improper type validation in the Socket.io attachment parsing, allowing overwriting of the _placeholder object and potentially placing function references in the resulting query object. In IBM App Connect Enterprise Certified Container, this could enab...

10 CVSS | 9.3 AI score | 0.01121 EPSS
Exploits 0 | References 2 | Affected Software 1

seebug.org
added 2007/06/28 12:0 a.m., 27 views

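Symantec Mail Security for SMTP Executable Attachment Parsing Denial of Service Vulnerability

BUGTRAQ ID: 24625 CVECAN ID: CVE-2007-1792 Symantec Mail Security for SMTP is an anti-spam, antivirus and content-filtering software package for scanning mail. The SMS Filter Hub service in Mail Security does not correctly parse executable programs in mail attachments; if an attacker sends a malicious message, this can cause an unhandled access violation, and the service will periodically reject mail. Symantec Mail Security for SMTP 5.0.1 Symantec Mail Security for SMTP 5.0 Symantec Mail Security Appliance...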

7.8 CVSS | 6.4 AI score | 0.04722 EPSS
Exploits 1