160 matches found
PT-2021-23591 · Unknown · Github.Com/Ecnepsnai/Web
Name of the Vulnerable Software and Affected Versions: github.com/ecnepsnai/web package versions prior to 1.5.2 Description: The issue arises when Web Sockets do not execute any AuthenticateMethod methods, potentially leading to a nil pointer dereference or authentication bypass. This problem...
AZL-44670 CVE-2021-32640 affecting package js-jquery 3.5.0-4
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in [email protected]...
DEBIAN-CVE-2021-32640
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in [email protected]...
UBUNTU-CVE-2021-32640
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in [email protected]...
github ws 资源管理错误漏洞
github ws is a software application. An easy-to-use, fast-running and thoroughly tested approach to WebSocket client and server implementations. A security vulnerability exists in versions of ws prior to 7.4.6, which stems from a special value in the "Sec-Websocket-Protocol" header that can be us...
F5 Networks BIG-IP : BIG-IP ASM and Advanced WAF WebSocket vulnerability (K18570111)
The version of F5 Networks BIG-IP installed on the remote host is prior to 12.1.5.3 / 13.1.3.5 / 14.1.3.1 / 15.1.2 / 16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K18570111 advisory. - On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before...
F5 Networks BIG-IP : BIG-IP ASM WebSocket vulnerability (K88230177)
The version of F5 Networks BIG-IP installed on the remote host is prior to 12.1.5.3 / 13.1.3.6 / 14.1.3.1 / 15.1.2 / 16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K88230177 advisory. - On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x...
UBUNTU-CVE-2020-13543
A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability...
Exploit for Infinite Loop in Apache Tomcat
Exploit for WebSocket Vulnerability in Apache Tomcat CVE-2020...
accumulator (=0.3.0), ahq_store_rs_core (>=0.1.0 <=0.10.0-alpha.1.1) +123 more potentially affected by CVE-2020-35896 via ws (>=0.4.8 <=0.9.2)
ws CARGO version =0.4.8, =0.1.0, =0.1.0, =0.0.2, =0.1.0, =0.0.1, =0.4.0, =0.1.0, =0.1.0, =0.9.0, =0.1.5, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2020-35896 Source advisory: OSV:RUSTSEC-2020-0043...
Improper Certificate Validation
Overview faye-websocket is a Standards-compliant WebSocket server and client. Affected versions of this package are vulnerable to Improper Certificate Validation in TLS handshakes. The Faye::WebSocket::Client class uses the EM::Connectionstarttls method in EventMachine to implement the TLS...
Apache Tomcat Denial of Service Vulnerability (CNVD-2020-46230)
Apache Tomcat is the United States Apache Apache Software Foundation, a lightweight Web application server. The program implements the Servlet and JavaServer Page JSP support. A security vulnerability exists in WebSocket in Apache Tomcat that stems from the program not properly validating the...
The vulnerability of the WebSocket component in Firefox browsers, which allows attackers to disclose protected information
The vulnerability of the WebSocket component in Firefox arises from reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information that is protected by this mechanism...
100notes-comments (=0.1.1), @_inlimbo/nativeui (>=0.0.1 <=0.0.9) +2264 more potentially affected by unknown CVE via ws (>=2.0.0 <=3.2.0)
ws NPM version =2.0.0, =0.0.1, =1.16.0, =1.6.0, =1.5.3, =0.0.1, =2015.7.15, =0.0.1, =0.0.74, =0.1.0, =1.0.0, =0.1.0, =0.3.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-5V72-XG48-5RPM...
Core: AspNetCoreModule WebSocket DOS
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.2, ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0564...
FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure
FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure Title: FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-06 Vendor: FLIR Systems, Inc. Link: https://www.flir.com Tested on: nginx/1.12.1, nginx/1.10.2, nginx/1.8.0,...
CVE-2018-10609
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges...
CVE-2017-16107
pooledwebsocket is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
CVE-2016-10532
console-io is a module that allows users to implement a web console in their application. A malicious user could bypass the authentication and execute any command that the user who is running the console-io application 2.2.13 and earlier is able to run. This means that if console-io was running...
Cesanta Mongoose Remote Code Execution Vulnerability
Cesanta Mongoose is a set of embedded servers from the Irish company Cesanta. websocket protocol is one of the websocket communication protocols. A remote code execution vulnerability exists in the Websocket protocol implementation in Cesanta Mongoose version 6.8. A remote attacker can exploit th...