Lucene search

4 matches found

OSV
• added 2026/06/23 12:59 p.m. • 6 views

JLSEC-2026-622 Predictable WebSocket masking key and handshake nonce in HTTP.jl client

Description: The WebSocket client masking key (wssendframe!) and the Sec-WebSocket-Key handshake nonce (wsrandomhandshakekey) were generated with rand(UInt8, n), which draws from the task-local Xoshiro256++ PRNG. Xoshiro is not cryptographically secure: its internal state can be recovered from a short r...

AI score 5.9
Exploits: 0 | References: 2
Snyk
• added 2026/06/12 6:30 p.m. • 5 views

Buffer Over-read

Overview: tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Buffer Over-read via the websocketmask function in the speedups component. An attacker can trigger a read past the end of the mas...

CVSS 6.3 | AI score 5.4 | EPSS 0.00027
Exploits: 0 | References: 2
Debian CVE
• added 2025/09/12 5:10 a.m. • 7 views

CVE-2025-10148

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

CVSS 5.3 | AI score 7 | EPSS 0.00466
Exploits: 0
SUSE CVE
• added 2025/09/10 11:27 p.m. • 4 views

SUSE CVE-2025-10148

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

CVSS 5.3 | AI score 7.1 | EPSS 0.00466
Exploits: 0 | References: 11