5373 matches found

Source: OSV (added 2022/09/06 11:15 p.m., 4 views)

CVE-2022-1368

The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 3354 and prior is vulnerable to CWE-306: Missing Authentication for Critical Function, which allows unauthorized users to change the operator account password via webserver commands by monitoring web socket communications from an...

CVSS 9.8, AI score 5.8, EPSS 0.00778
Exploits 0, References 1
Source: Veracode (added 2022/09/05 7:23 p.m., 30 views)

Command Injection

tomcat6 is vulnerable to command injection. Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by improper error handling in WebSocket connection. By sending a specially-crafted WebSocket message...

CVSS 8.6, AI score 7.8, EPSS 0.07538
Exploits 0, References 9, Affected Software 1
Source: OSV (added 2022/08/23 4:15 p.m., 21 views)

CVE-2021-3690

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability...

CVSS 7.5, AI score 7.7, EPSS 0.01375
Exploits 1, References 4
Source: NVD (added 2022/08/23 4:15 p.m., 19 views)

CVE-2021-3690

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability...

CVSS 7.5, EPSS 0.01375
Exploits 1, References 4
Source: OSV (added 2022/08/23 4:15 p.m., 1 view)

DEBIAN-CVE-2021-3690

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability...

CVSS 7.5, AI score 6.5, EPSS 0.01375
Exploits 1, References 1
Source: UbuntuCve (added 2022/08/23 4:15 p.m., 32 views)

CVE-2021-3690

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability...

CVSS 7.5, AI score 6.8, EPSS 0.01375
Exploits 1, References 2
Source: Prion (added 2022/08/23 4:15 p.m., 25 views)

Design/Logic Flaw

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability...

CVSS 5, AI score 7, EPSS 0.01375
Exploits 1, References 4, Affected Software 3
Source: OSV (added 2022/08/23 4:15 p.m., 1 view)

UBUNTU-CVE-2021-3690

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability...

CVSS 7.5, AI score 6.8, EPSS 0.01375
Exploits 1, References 3
Source: CVE (added 2022/08/23 3:50 p.m., 338 views)

CVE-2021-3690

CVE-2021-3690 affects Undertow: a buffer leak on the incoming WebSocket PONG message can cause memory exhaustion leading to DoS. The vulnerability impacts Undertow-based components (WebSocket handling). A security update/patch for Undertow is available per OSV/OESA entries; exploit details are no...

CVSS 7.5, AI score 7.1, EPSS 0.01375
Exploits 1, References 4, Affected Software 7
Source: Cvelist (added 2022/08/23 3:50 p.m., 38 views)

CVE-2021-3690

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability...

AI score 7.4, EPSS 0.01375
Exploits 1, References 4
Source: Debian CVE (added 2022/08/23 3:50 p.m., 71 views)

CVE-2021-3690

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability...

CVSS 7.5, AI score 6.1, EPSS 0.01375
Exploits 1
Source: OSV (added 2022/08/22 5:20 p.m., 36 views)

GO-2022-0947

In Mellium mellium.im/xmpp, an attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during verification...

CVSS 5.9, AI score 2.7, EPSS 0.00619
Exploits 0, References 5
Source: vulnersOsv (added 2022/08/06 5:20 a.m., 4 views)

adsbx_browser (=0.1.0), adsbx_screenshot (>=0.1.0 <=1.4.1) +98 more potentially affected by CVE-2022-35922 via websocket (>=0.10.5 <=0.24.0)

websocket CARGO version =0.10.5, =0.1.0, =0.1.0, =0.1.3, =0.1.0, =0.0.6, =1.0.0, =0.1.0, =0.0.0, =0.1.0, =0.1.2, =0.3.3, =0.6.25, =0.0.3, =0.1.0, =0.1.1 and more Source cves: CVE-2022-35922 Source advisory: OSV:GHSA-QRJV-RF5Q-QPXC...

CVSS 7.5, AI score 7.1, EPSS 0.01454
Exploits 0
Source: Github Security Blog (added 2022/08/06 5:20 a.m., 280 views)

Rust-WebSocket memory allocation based on untrusted length

Impact Untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When...

CVSS 7.5, AI score 7.2, EPSS 0.01454
Exploits 0, References 7, Affected Software 1
Source: OSV (added 2022/08/06 5:20 a.m., 43 views)

GHSA-QRJV-RF5Q-QPXC Rust-WebSocket memory allocation based on untrusted length

Impact Untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When...

CVSS 7.5, AI score 7.4, EPSS 0.01454
Exploits 0, References 7
Source: Amazon (added 2022/08/05 12:00 a.m., 83 views)

Important: tomcat8

Issue Overview: A flaw was found in the tomcat package. When a web application sends a WebSocket message concurrently with the WebSocket connection closing, the application may continue to use the socket after it has been closed. In this case, the error handling triggered could cause the pooled...

CVSS 8.6, AI score 7.6, EPSS 0.71653
Exploits 5
Source: Tenable Nessus (added 2022/08/05 12:00 a.m., 71 views)

Amazon Linux AMI : tomcat8 (ALAS-2022-1627)

The version of tomcat8 installed on the remote host is prior to 8.5.81-1.91. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1627 advisory. A flaw was found in the tomcat package. When a web application sends a WebSocket message concurrently with the WebSocke...

CVSS 8.6, AI score 7.2, EPSS 0.71653
Exploits 5, References 5
Source: BDU FSTEC (added 2022/08/02 12:00 a.m., 5 views)

The vulnerabilities of the monitoring and process management software components in the ICONICS Suite, GENESIS64, Hyper Historian, Energy AnalytiX, and MobileHMI systems stem from the use of an incomplete blacklist. This allows attackers to bypass authentication procedures or gain unauthorized access to devices.

The vulnerabilities of the monitoring and process management software suites ICONICS Suite, GENESIS64, Hyper Historian, Energy AnalytiX, and MobileHMI are related to the use of an incomplete blacklist. Exploiting these vulnerabilities allows a malicious actor to bypass authentication procedures o...

CVSS 10, AI score 7.8, EPSS 0.02884
Exploits 0, References 3, Affected Software 5
Source: NVD (added 2022/08/01 10:15 p.m., 47 views)

CVE-2022-35922

Rust-WebSocket is a WebSocket RFC6455 library written in Rust. In versions prior to 0.26.5 untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based...

CVSS 7.5, EPSS 0.01454
Exploits 0, References 4
Source: Prion (added 2022/08/01 10:15 p.m., 29 views)

Design/Logic Flaw

Rust-WebSocket is a WebSocket RFC6455 library written in Rust. In versions prior to 0.26.5 untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based...

CVSS 5, AI score 7.4, EPSS 0.01454
Exploits 0, References 4, Affected Software 2