Lucene search
+L

160 matches found

Positive Technologies
Positive Technologies
added 2021/06/23 12:0 a.m.5 views

PT-2021-23591 · Unknown · Github.Com/Ecnepsnai/Web

Name of the Vulnerable Software and Affected Versions: github.com/ecnepsnai/web package versions prior to 1.5.2 Description: The issue arises when Web Sockets do not execute any AuthenticateMethod methods, potentially leading to a nil pointer dereference or authentication bypass. This problem...

9.8CVSS9.7AI score0.01116EPSS
Exploits1References11
OSV
OSV
added 2021/05/25 7:15 p.m.10 views

AZL-44670 CVE-2021-32640 affecting package js-jquery 3.5.0-4

ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in [email protected]...

5.3CVSS6.4AI score0.02821EPSS
Exploits1References1
OSV
OSV
added 2021/05/25 7:15 p.m.3 views

DEBIAN-CVE-2021-32640

ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in [email protected]...

5.3CVSS6.1AI score0.02821EPSS
Exploits1References1
OSV
OSV
added 2021/05/25 7:15 p.m.4 views

UBUNTU-CVE-2021-32640

ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in [email protected]...

5.3CVSS5.7AI score0.02821EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/05/25 12:0 a.m.5 views

github ws 资源管理错误漏洞

github ws is a software application. An easy-to-use, fast-running and thoroughly tested approach to WebSocket client and server implementations. A security vulnerability exists in versions of ws prior to 7.4.6, which stems from a special value in the "Sec-Websocket-Protocol" header that can be us...

5.3CVSS7.2AI score0.02821EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2021/04/29 12:0 a.m.36 views

F5 Networks BIG-IP : BIG-IP ASM and Advanced WAF WebSocket vulnerability (K18570111)

The version of F5 Networks BIG-IP installed on the remote host is prior to 12.1.5.3 / 13.1.3.5 / 14.1.3.1 / 15.1.2 / 16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K18570111 advisory. - On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before...

7.5CVSS7.5AI score0.00961EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/02/11 12:0 a.m.38 views

F5 Networks BIG-IP : BIG-IP ASM WebSocket vulnerability (K88230177)

The version of F5 Networks BIG-IP installed on the remote host is prior to 12.1.5.3 / 13.1.3.6 / 14.1.3.1 / 15.1.2 / 16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K88230177 advisory. - On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x...

7.5CVSS7.5AI score0.00961EPSS
Exploits0References2
OSV
OSV
added 2020/12/03 5:15 p.m.4 views

UBUNTU-CVE-2020-13543

A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability...

8.8CVSS7.9AI score0.03266EPSS
Exploits1References3
GithubExploit
GithubExploit
added 2020/11/02 2:48 p.m.1052 views

Exploit for Infinite Loop in Apache Tomcat

Exploit for WebSocket Vulnerability in Apache Tomcat CVE-2020...

7.5CVSS7.9AI score0.87553EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2020/09/25 12:0 p.m.7 views

accumulator (=0.3.0), ahq_store_rs_core (>=0.1.0 <=0.10.0-alpha.1.1) +123 more potentially affected by CVE-2020-35896 via ws (>=0.4.8 <=0.9.2)

ws CARGO version =0.4.8, =0.1.0, =0.1.0, =0.0.2, =0.1.0, =0.0.1, =0.4.0, =0.1.0, =0.1.0, =0.9.0, =0.1.5, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2020-35896 Source advisory: OSV:RUSTSEC-2020-0043...

7.5CVSS7.1AI score0.01336EPSS
Exploits0
Snyk
Snyk
added 2020/07/31 5:40 p.m.2 views

Improper Certificate Validation

Overview faye-websocket is a Standards-compliant WebSocket server and client. Affected versions of this package are vulnerable to Improper Certificate Validation in TLS handshakes. The Faye::WebSocket::Client class uses the EM::Connectionstarttls method in EventMachine to implement the TLS...

8.7CVSS6.9AI score0.00914EPSS
Exploits1References2
CNVD
CNVD
added 2020/07/22 12:0 a.m.14 views

Apache Tomcat Denial of Service Vulnerability (CNVD-2020-46230)

Apache Tomcat is the United States Apache Apache Software Foundation, a lightweight Web application server. The program implements the Servlet and JavaServer Page JSP support. A security vulnerability exists in WebSocket in Apache Tomcat that stems from the program not properly validating the...

7.5CVSS8.2AI score0.87553EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2019/09/27 12:0 a.m.8 views

The vulnerability of the WebSocket component in Firefox browsers, which allows attackers to disclose protected information

The vulnerability of the WebSocket component in Firefox arises from reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information that is protected by this mechanism...

6.4CVSS5.7AI score0.01702EPSS
Exploits0References7Affected Software4
vulnersOsv
vulnersOsv
added 2019/06/04 7:37 p.m.4 views

100notes-comments (=0.1.1), @_inlimbo/nativeui (>=0.0.1 <=0.0.9) +2264 more potentially affected by unknown CVE via ws (>=2.0.0 <=3.2.0)

ws NPM version =2.0.0, =0.0.1, =1.16.0, =1.6.0, =1.5.3, =0.0.1, =2015.7.15, =0.0.1, =0.0.74, =0.1.0, =1.0.0, =0.1.0, =0.3.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-5V72-XG48-5RPM...

5.5AI score
Exploits0
RedHat Linux
RedHat Linux
added 2019/01/09 8:53 a.m.7 views

Core: AspNetCoreModule WebSocket DOS

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.2, ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0564...

7.5CVSS5.8AI score0.0821EPSS
Exploits0References4
exploitpack
exploitpack
added 2018/10/08 12:0 a.m.43 views

FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure

FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure Title: FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-06 Vendor: FLIR Systems, Inc. Link: https://www.flir.com Tested on: nginx/1.12.1, nginx/1.10.2, nginx/1.8.0,...

7.2AI score
Exploits0
OSV
OSV
added 2018/07/31 5:29 p.m.5 views

CVE-2018-10609

Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges...

6.1CVSS6.1AI score0.02304EPSS
Exploits0References3
OSV
OSV
added 2018/06/07 2:29 a.m.4 views

CVE-2017-16107

pooledwebsocket is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

7.5CVSS5.8AI score0.02005EPSS
Exploits3References2
NVD
NVD
added 2018/05/31 8:29 p.m.28 views

CVE-2016-10532

console-io is a module that allows users to implement a web console in their application. A malicious user could bypass the authentication and execute any command that the user who is running the console-io application 2.2.13 and earlier is able to run. This means that if console-io was running...

10CVSS9.7AI score0.02369EPSS
Exploits0References1
CNVD
CNVD
added 2017/11/02 12:0 a.m.4 views

Cesanta Mongoose Remote Code Execution Vulnerability

Cesanta Mongoose is a set of embedded servers from the Irish company Cesanta. websocket protocol is one of the websocket communication protocols. A remote code execution vulnerability exists in the Websocket protocol implementation in Cesanta Mongoose version 6.8. A remote attacker can exploit th...

9.8CVSS8.4AI score0.02417EPSS
Exploits2References1
Rows per page
Query Builder