Lucene search
K

5373 matches found

RedHat Linux
RedHat Linux
added 2022/11/15 9:58 a.m.7 views

httpd: mod_lua: Information disclosure with websockets

A flaw was found in the modlua module of httpd. The data returned by the wsread function may point past the end of the storage allocated for the buffer, resulting in information disclosure...

7.5CVSS7.1AI score0.04687EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/11/14 12:0 a.m.4 views

patrickfuller camp 安全漏洞

patrickfuller camp patrickfuller camp is a websocket-based Raspberry Pi webcam web server by the individual developer Patrick Fuller. A security vulnerability exists in patrickfuller camp commit number: bbd53a256ed70e79bd8758080936afbf6d738767, which stems from the fact that its...

9.8CVSS8.3AI score0.49201EPSS
Exploits3References7
OSV
OSV
added 2022/11/11 11:4 a.m.3 views

OESA-2022-2093 rubygem-websocket-extensions security update

Generic extension manager for WebSocket connections. Security Fixes: websocket-extensions ruby module prior to 0.1.5 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content ...

7.5CVSS6.9AI score0.04404EPSS
Exploits1References2
Veracode
Veracode
added 2022/11/09 4:37 a.m.36 views

Denial Of Service (DoS)

@fastify/websocket and fastify-websocket are vulnerable to denial of service. The vulnerability is due to the fastifyWebsocket function in index.js which crashes the application on an uncaught exception when processing a malformed packet...

7.5CVSS7.1AI score0.00731EPSS
Exploits0References6Affected Software2
NVD
NVD
added 2022/11/08 10:15 p.m.39 views

CVE-2022-39386

@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1....

7.5CVSS0.00731EPSS
Exploits0References1
Prion
Prion
added 2022/11/08 10:15 p.m.17 views

Design/Logic Flaw

@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1....

5CVSS7.4AI score0.00731EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/11/08 12:0 a.m.50 views

CVE-2022-39386 fastify-websocket vulnerable to uncaught exception via crash on malformed packet

@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1....

7.5CVSS7.7AI score0.00731EPSS
Exploits0References1
CVE
CVE
added 2022/11/08 12:0 a.m.87 views

CVE-2022-39386

The CVE concerns @fastify/websocket/fastify-websocket: all versions are reported to crash when processing a specific malformed WebSocket packet, causing a Denial of Service. The issue stems from a crash on malformed input, and the module is deprecated with no built-in patches. Patched versions ar...

7.5CVSS7.4AI score0.00731EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/08 12:0 a.m.5 views

CVE-2022-39386 fastify-websocket vulnerable to uncaught exception via crash on malformed packet

@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1....

7.5CVSS7.5AI score0.00731EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/11/08 12:0 a.m.33 views

Fastify 安全漏洞

Fastify is an open source web framework for Node.js from the OpenJS Foundation. Fastify fastify-websocket suffers from a security vulnerability that originates from an attacker sending it specific packets in the wrong format, which could cause it to crash...

7.5CVSS7.3AI score0.00731EPSS
Exploits0References2
OSV
OSV
added 2022/11/08 12:0 a.m.32 views

CVE-2022-39386 fastify-websocket vulnerable to uncaught exception via crash on malformed packet

@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1....

7.5CVSS7.3AI score0.00731EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2022/11/07 9:13 p.m.2 views

@0x77/ccpack (>=0.0.0 <=0.1.5), @aio-server/core (>=0.0.1 <=0.0.1001) +87 more potentially affected by CVE-2022-39386 via fastify-websocket (>=0.3.0 <=4.3.0)

fastify-websocket NPM version =0.3.0, =0.0.0, =0.0.1, =0.0.1, =0.0.15, =0.0.13, =1.0.0, =0.2.42, =1.0.0, =2.0.3, =9.1.1, =9.1.4 and more Source cves: CVE-2022-39386 Source advisory: OSV:GHSA-4PCG-WR6C-H9CQ...

7.5CVSS7.1AI score0.00731EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/11/07 9:13 p.m.23 views

fastify/websocket vulnerable to uncaught exception via crash on malformed packet

Impact Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. Patches This has been patched in v7.1.1 fastify v4 and v5.0.1 fastify v3. Workarounds No...

7.5CVSS7.2AI score0.00731EPSS
Exploits0References8Affected Software2
OSV
OSV
added 2022/11/07 9:13 p.m.1 views

GHSA-4PCG-WR6C-H9CQ fastify/websocket vulnerable to uncaught exception via crash on malformed packet

Impact Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. Patches This has been patched in v7.1.1 fastify v4 and v5.0.1 fastify v3. Workarounds No...

7.5CVSS5.7AI score0.00731EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2022/11/07 12:0 a.m.7 views

PT-2022-24945 · Fastify · @Fastify/Websocket

Name of the Vulnerable Software and Affected Versions: fastify-websocket versions prior to 7.1.1 fastify v4 and prior to 5.0.1 fastify v3 @fastify/websocket all versions, deprecated Description: Any application using @fastify/websocket could crash if a specific, malformed packet is sent. The issu...

7.5CVSS7.4AI score0.00731EPSS
Exploits0References11
Kitploit
Kitploit
added 2022/11/02 11:30 a.m.30 views

Jscythe - Abuse The Node.Js Inspector Mechanism In Order To Force Any Node.Js/Electron/V8 Based Process To Execute Arbitrary Javascript Code

jscythe abuses the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javascript code, even if their debugging capabilities are disabled. Tested and working against Visual Studio Code, Discord, any Node.js application and more! How 1. Locate t...

8AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/10/25 5:33 p.m.50 views

.NET Core Elevation of Privilege Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service vulnerability exists in .NET 5.0,...

7.5CVSS1.2AI score0.03858EPSS
Exploits0References5Affected Software23
OSV
OSV
added 2022/10/25 5:33 p.m.42 views

GHSA-RH58-R7JH-XHX3 .NET Core Elevation of Privilege Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service vulnerability exists in .NET 5.0,...

7.5CVSS7.1AI score0.03858EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/10/18 9:6 a.m.4 views

nodejs: DNS rebinding in --inspect via invalid IP addresses

A vulnerability was found in NodeJS, where the IsAllowedHost check can be easily bypassed because IsIPAddress does not properly check if an IP address is invalid or not. When an invalid IPv4 address is provided for instance, 10.0.2.555 is provided, browsers such as Firefox will make DNS requests ...

8.1CVSS7.7AI score0.05614EPSS
Exploits0References5
OSV
OSV
added 2022/10/14 11:4 a.m.6 views

OESA-2022-1989 lighttpd security update

Secure, fast, compliant and very flexible web-server which has been optimized for high-performance environments. It has a very low memory footprint compared to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more...

7.5CVSS6.6AI score0.02714EPSS
Exploits5References3
Rows per page
Query Builder