260 matches found
@b3dotfun/b3-api (>=0.0.2 <=0.0.102), @b3dotfun/basement-api (>=0.0.0 <=0.0.11) +42 more potentially affected by CVE-2023-37899 via @feathersjs/socketio (>=5.0.11 <=5.0.44)
@feathersjs/socketio NPM version =5.0.11, =0.0.2, =0.0.0, =0.0.741, =0.0.1-alpha.1, =0.0.11, =0.2.9, =2.1.0, =0.0.1, =0.0.10, =0.0.10, =0.0.1, =0.0.1, =0.1.8, =1.0.0, =1.0.14 and more. Source CVEs: CVE-2023-37899. Source advisory: OSV:GHSA-HHR9-RH25-HVF9...
Striker - A Command And Control (C2)
Striker is a simple Command and Control (C2) program. Disclaimer: This project is under active development. Most of the features are experimental, with more to come. Expect breaking changes. Features: A) Agents: Native agents for Linux and Windows hosts. Self-contained, minimal Python agent should you...
Socketio Engine.IO Denial of Service Vulnerability
Engine.IO is a transport-based implementation of Socket.IO's cross-browser/cross-device bi-directional communication layer. A denial-of-service vulnerability exists in versions of Socketio Engine.IO prior to 3.6.1, 4.0.0 and later, and prior to 6.2.1, which stems from a failure to properly handle...
Socketio Socket.io Access Control Error Vulnerability
Socketio Socket.io is a JavaScript-based server-side application from the Socketio community that supports event-based bidirectional communication. A security vulnerability exists in socket.io before 2.4.0, which stems from a CORS misconfiguration and is prone to insecure default values...
Socketio Engineio Resource Management Error Vulnerability
Socketio Engineio is a JavaScript-based real-time engine for bi-directional communication between browsers and devices from the Socketio community. A security vulnerability exists in socketio socket.io-parser before 3.4.1, which can be exploited by attackers to cause a denial of service memory...
GHSA-XQ8R-R72R-PQWM Downloads Resources over HTTP in roslib-socketio
Affected versions of roslib-socketio insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on th...
Downloads Resources over HTTP in roslib-socketio
Affected versions of roslib-socketio insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on th...
CVE-2020-24928
managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted socketio web server (port 3020) open to all origins, which allows attackers to obtain sensitive Discord user information...
Design/Logic Flaw
managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted socketio web server (port 3020) open to all origins, which allows attackers to obtain sensitive Discord user information...
roslib-socketio code execution vulnerability
roslib-socketio is a ROS (Robot Operating System) JavaScript support library. A security vulnerability exists in roslib-socketio, which originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the...
Man-in-the-Middle (MitM)
roslib-socketio is vulnerable to man-in-the-middle (MitM) attacks. This is because the application downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the...
CVE-2016-10681
roslib-socketio - The standard ROS JavaScript Library fork to add support for socket.io. roslib-socketio downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker...
Remote code execution
roslib-socketio - The standard ROS JavaScript Library fork to add support for socket.io. roslib-socketio downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker...
CVE-2016-10681
The CVE-2016-10681 issue affects roslib-socketio. Affected code downloads binary resources over HTTP, enabling MITM interception and, in a network-positioned scenario, potential remote code execution by substituting the requested binary with a malicious one. Public advisories (GHSA-xq8r-r72r-pqwm...
Browser-based GDB frontend: gdbGUI
A modern, browser-based frontend to gdb (GNU debugger). Add breakpoints, view stack traces, and more in C, C++, Go, and Rust! Simply run gdbgui from the terminal and a new tab will open in your browser. Features: Debug a different program in each tab (new gdb instance is spawned for each tab). Set/remove...
Denial Of Service (DoS)
netty-socketio is vulnerable to denial of service (DoS) attacks. It is possible for an attacker to open many silent channels which don't time out, causing denial of service...