3 matches found
CVE-2022-41940
CVE-2022-41940 affects Engine.IO, the transport layer used by Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, causing the Node.js process to crash and resulting in a denial of service. Affected are Engine.IO versions prior to patches released...
WAGO PFC200 Cloud Connectivity Improper Host Validation Vulnerability
Summary An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200. A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized access to firmware update functionality. An...
CVE-2016-10536
The CVE-2016-10536 issue affects engine.io-client (Socket.IO) prior to 1.6.9, where the client passes a settings object containing rejectUnauthorized; if not explicitly set, it can be passed as null, disabling certificate verification and exposing users to Man-in-the-Middle attacks. This behavior...