OSV
added 2023/01/18 12:00 a.m., 0 views

UBUNTU-CVE-2023-23602

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...

CVSS 6.5 · AI score 7.1 · EPSS 0.00601
Exploits 0 · References 6
UbuntuCve
added 2023/01/18 12:00 a.m., 36 views

CVE-2023-23602

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...

CVSS 6.5 · AI score 6.8 · EPSS 0.00601
Exploits 0 · References 5
Tenable Nessus
added 2023/01/17 12:00 a.m., 26 views

Mozilla Firefox ESR < 102.7

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 102.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-02 advisory. - Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and...

CVSS 8.8 · AI score 8.3 · EPSS 0.00892
Exploits 0 · References 9
OSV
added 2023/01/09 9:55 p.m., 29 views

GHSA-CM8H-Q92V-XCFC mercurius has Uncaught Exception when using subscriptions

Impact Any users of Mercurius until version v11.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. Patches This was patched in https://github.com/mercurius-js/mercurius/pull/940. The patch was released as v11.5.0 and v8.13.2. Workarounds...

CVSS 5.3 · AI score 6 · EPSS 0.01056
Exploits 1 · References 6
Github Security Blog
added 2023/01/09 9:55 p.m., 54 views

mercurius has Uncaught Exception when using subscriptions

Impact Any users of Mercurius until version v11.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. Patches This was patched in https://github.com/mercurius-js/mercurius/pull/940. The patch was released as v11.5.0 and v8.13.2. Workarounds...

CVSS 7.5 · AI score 7.1 · EPSS 0.01056
Exploits 1 · References 6 · Affected Software 1
NVD
added 2023/01/09 3:15 p.m., 11 views

CVE-2023-22477

Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. This issue was patched in 940. As a workaround, users can disable subscriptions...

CVSS 7.5 · AI score 6.1 · EPSS 0.01056
Exploits 1 · References 3
Prion
added 2023/01/09 3:15 p.m., 9 views

Code injection

Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. This issue was patched in 940. As a workaround, users can disable subscriptions...

CVSS 5 · AI score 7.3 · EPSS 0.01056
Exploits 1 · References 3 · Affected Software 1
Vulnrichment
added 2023/01/09 2:12 p.m., 7 views

CVE-2023-22477 Mercurius is vulnerable to denial of service (DoS) when using subscriptions

Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. This issue was patched in 940. As a workaround, users can disable subscriptions...

CVSS 5.3 · AI score 6.4 · EPSS 0.01056
Exploits 1 · References 3
Cvelist
added 2023/01/09 2:12 p.m., 16 views

CVE-2023-22477 Mercurius is vulnerable to denial of service (DoS) when using subscriptions

Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. This issue was patched in 940. As a workaround, users can disable subscriptions...

CVSS 5.3 · AI score 7.6 · EPSS 0.01056
Exploits 1 · References 3
OSV
added 2023/01/09 2:12 p.m., 21 views

CVE-2023-22477 Mercurius is vulnerable to denial of service (DoS) when using subscriptions

Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. This issue was patched in 940. As a workaround, users can disable subscriptions...

CVSS 5.3 · AI score 7.3 · EPSS 0.01056
Exploits 1 · References 5
CNNVD
added 2023/01/09 12:00 a.m., 3 views

Mercurius security vulnerability

Mercurius is a GraphQL adapter for Fastify. A security vulnerability exists in Mercurius versions prior to 10.5.0, which is caused by a denial of service attack when any user sends an incorrectly formatted packet to "/graphql" via WebSocket...

CVSS 7.5 · AI score 7.3 · EPSS 0.01056
Exploits 1 · References 4
Positive Technologies
added 2023/01/09 12:00 a.m., 7 views

PT-2023-18529 · Mercurius · Mercurius

Name of the Vulnerable Software and Affected Versions: Mercurius versions prior to 11.5.0 Description: Mercurius is a GraphQL adapter for Fastify. The issue allows for a denial of service attack by sending a malformed packet over WebSocket to "/graphql". This can affect any users of Mercurius...

CVSS 7.5 · AI score 7.4 · EPSS 0.01056
Exploits 1 · References 9
Positive Technologies
added 2023/01/09 12:00 a.m., 4 views

PT-2023-10141 · Lukehutch · Gribbit

Name of the Vulnerable Software and Affected Versions: lukehutch Gribbit affected versions not specified Description: A problematic issue was found in lukehutch Gribbit, affecting the messageReceived function of the file src/gribbit/request/HttpRequestHandler.java. This issue leads to missing...

CVSS 9.8 · AI score 5.8 · EPSS 0.00396
Exploits 0 · References 5
Cvelist
added 2022/12/29 6:36 p.m., 54 views

CVE-2022-46181 Gotify server XSS vulnerability in the application image file upload

Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts if another user opened a link. The attacker cou...

CVSS 6.1 · AI score 6.2 · EPSS 0.00502
Exploits 0 · References 3
OSV
added 2022/12/29 6:36 p.m., 36 views

CVE-2022-46181 Gotify server XSS vulnerability in the application image file upload

Gotify server is a simple server for sending and receiving messages in real-time per WebSocket. Versions prior to 2.2.2 contain an XSS vulnerability that allows authenticated users to upload .html files. An attacker could execute client side scripts if another user opened a link. The attacker cou...

CVSS 6.1 · AI score 5.3 · EPSS 0.00502
Exploits 0 · References 5
CNNVD
added 2022/12/22 12:00 a.m., 10 views

destiny.gg chat cross-site request forgery vulnerability

destiny.gg chat is the open-source chat backend of destiny.gg. It suffers from a cross-site request forgery vulnerability that stems from a problem with the function websocket.Upgrader in the file main.go, which could lead to cross-site request forgery...

CVSS 8.8 · AI score 7.5 · EPSS 0.00343
Exploits 0 · References 4
Positive Technologies
added 2022/12/22 12:00 a.m., 6 views

PT-2022-9020 · Unknown · Destiny.Gg Chat

Name of the Vulnerable Software and Affected Versions: destiny.gg chat affected versions not specified Description: A vulnerability was found in the destiny.gg chat, affecting the function websocket.Upgrader of the file main.go. The manipulation leads to cross-site request forgery, and the attack...

CVSS 8.8 · AI score 6.8 · EPSS 0.00343
Exploits 0 · References 10
The Hacker News
added 2022/12/07 4:03 a.m., 43 views

New Go-based Botnet Exploiting Dozens of IoT Vulnerabilities to Expand its Network

NOTE: In this blog, Zerobot refers to a botnet that spreads primarily through IoT and web application vulnerabilities. It is not associated with the chatbot ZeroBot.ai. A novel Go-based botnet called Zerobot has been observed in the wild proliferating by taking advantage of nearly two dozen...

AI score 7.6
Exploits 0
BDU FSTEC
added 2022/11/30 12:00 a.m., 7 views

The vulnerability of WebSocket functions in WebKitGTK and WPE WebKit rendering modules allows attackers to execute arbitrary code.

The vulnerability of WebSocket functions in WebKitGTK and WPE WebKit implementations relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code by opening a specially created web page...

CVSS 10 · AI score 8.1 · EPSS 0.03266
Exploits 1 · References 9 · Affected Software 7
RedHat Linux
added 2022/11/15 10:41 a.m., 12 views

tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS

A memory leak flaw was found in Apache Tomcat, where an HTTP upgrade connection does not release for WebSocket connections once the WebSocket connection is closed. If a sufficient number of such requests are made, an OutOfMemoryError occurs, leading to a denial of service. The highest threat from...

CVSS 7.5 · AI score 6.7 · EPSS 0.10997
Exploits 0 · References 9