CVE-2017-1000219
| creationtimestamp | type | source |
|---|---|---|
| 2020-09-01 16:43:55+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-63m4-fhf2-cmf7... |
CVE-2016-1000249
| creationtimestamp | type | source |
|---|---|---|
| 2020-09-01 16:38:33+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-2r7f-4h2c-5x73... |
CVE-2016-5682
| creationtimestamp | type | source |
|---|---|---|
| 2020-09-01 15:30:58+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-p239-93f7-h6xf... |
CVE-2016-1000226
| creationtimestamp | type | source |
|---|---|---|
| 2020-09-01 15:28:45+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-7f59-x49p-v8mq... |
CVE-2016-3942
| creationtimestamp | type | source |
|---|---|---|
| 2020-09-01 15:24:24+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-r87w-47m8-22w3... |
CVE-2015-9239
| creationtimestamp | type | source |
|---|---|---|
| 2020-09-01 15:17:48+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-c2v2-7rcg-2ch7... |
CVE-2013-7379
| creationtimestamp | type | source |
|---|---|---|
| 2020-08-31 22:59:07+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-9vxc-g2jx-qj3p... |
CVE-2020-8912
| creationtimestamp | type | source |
|---|---|---|
| 2020-08-10 20:22:32+00:00 | published-proof-of-concept | https://github.com/google/security-research/security/advisories/GHSA-7f33-f4f5-xwgw... |
CVE-2020-15134
In Faye before version 1.4.0, there is a lack of certificate validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL i...
CVE-2020-15133
CVE-2020-15133 affects the faye-websocket library prior to 0.11.0. The issue is a lack of certificate verification in TLS handshakes: Faye::WebSocket::Client uses EM::Connection#start_tls for wss: connections and does not validate the server’s TLS certificate by default, enabling potential man-in...
CVE-2020-15133
In faye-websocket before version 0.11.0, there is a lack of certificate validation in TLS handshakes. The Faye::WebSocket::Client class uses the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not...
Information Exposure
Overview Versions of auth0 before 2.27.1 use a block list of specific keys that should be sanitized from the request object contained in the error object. When a request to the Auth0 management API fails, the key for the Authorization header is not sanitized, and the Authorization header value can be logg...
Sensitive Data Exposure
Overview Affected versions of npm-registry-fetch are vulnerable to an information exposure vulnerability through log files. The package supports URLs like ://:@::/. The password value is not redacted and is printed to stdout and also to any generated log files. Recommendation Upgrade to version...
XXE attack in Mapfish Print
Impact A user can perform an XML External Entity (XXE) attack with the provided SDL style. Patches Use version >= 3.24 Workarounds No References https://cwe.mitre.org/data/definitions/611.html https://github.com/mapfish/mapfish-print/pull/1397/commits/e1d0527d13db06b2b62ca7d6afb9e97dacd67a0e For more...
Improper Verification of Cryptographic Signature
Overview Versions of jsrsasign prior to 8.0.17 fail to properly verify cryptographic signatures. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending '\0' bytes to a signature; it accepts these modified signatures as valid. An attacker can abuse th...
WordPress XSS Vulnerability (Jun 2020) - Windows
WordPress is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress";...
Information Exposure
Overview Versions of apollo-server-micro prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, including the NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, their relation...
Information Exposure
Overview Versions of apollo-server-hapi prior to 2.14.2 are vulnerable to Information Exposure. The package does not properly enforce validation rules when creating subscription servers, including the NoIntrospection rule for the WebSocket. This leaks the GraphQL schema types, their relations...
Cross-Site Scripting
Overview Versions of @toast-ui/editor prior to 2.2.0 are vulnerable to Cross-Site Scripting (XSS). There are multiple bypasses of the package's built-in XSS sanitization. This may allow attackers to execute arbitrary JavaScript in a victim's browser. Recommendation Upgrade to version 2.2.0 or later...