5372 matches found

Snyk
added 2022/06/23 9:26 a.m., 2 views

Malicious Package

Overview: channel-websocket is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

CVSS 9.8, AI score 7
Exploits 0, References 3
OSSF Malicious Packages
added 2022/06/20 9:08 p.m., 3 views

Malicious code in superset-websocket (npm)

Source: ghsa-malware 71368c8e29fe057fcc95335932ec6248b0a21541c5be1c4f54aa8fa03167a152. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0, References 1
OSV
added 2022/06/20 9:08 p.m., 60 views

MAL-2022-6354 Malicious code in superset-websocket (npm)

Source: ghsa-malware 71368c8e29fe057fcc95335932ec6248b0a21541c5be1c4f54aa8fa03167a152. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0, References 1
OSSF Malicious Packages
added 2022/06/20 8:26 p.m., 3 views

Malicious code in hb-websocket-client (npm)

Source: ghsa-malware b7dec13e28e581a9f8949e7c49dcc4ff1e9957ae0b21e4d422b33d6ac2e8c724. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0, References 1
OSV
added 2022/06/20 8:26 p.m., 6 views

MAL-2022-3572 Malicious code in hb-websocket-client (npm)

Source: ghsa-malware b7dec13e28e581a9f8949e7c49dcc4ff1e9957ae0b21e4d422b33d6ac2e8c724. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0, References 1
OSSF Malicious Packages
added 2022/06/20 8:11 p.m., 4 views

Malicious code in moralis-websocket (npm)

Source: ghsa-malware 14634273e48d41bdb2458210235b37dfd6b2533ee98bbb97d873674841041de0. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0, References 1
OSV
added 2022/06/20 8:11 p.m., 21 views

MAL-2022-4696 Malicious code in moralis-websocket (npm)

Source: ghsa-malware 14634273e48d41bdb2458210235b37dfd6b2533ee98bbb97d873674841041de0. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0, References 1
Spring Security Advisories
added 2022/06/14 7:00 a.m., 37 views

Spring Tips: Learn Spring for GraphQL (parts 5 and 6 of an ongoing series)

Hi, Spring fans! In these installments, we continue our series introducing the Spring for GraphQL project. This series features Spring for GraphQL lead Rossen Stoyanchev @rstoya05 - whose work you may know from basically everything in the wide and wonderful world of Springdom having to do...

AI score 7.2
Exploits 0
Github Security Blog
added 2022/05/24 7:07 p.m., 17 views

Xen Orchestra Mishandles Authorization

Xen Orchestra with xo-web through 5.80.0 and xo-server through 5.84.0 mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit,...

CVSS 4.3, AI score 6.7, EPSS 0.00714
Exploits 1, References 3, Affected Software 2
OSV
added 2022/05/24 7:07 p.m., 15 views

GHSA-GRVM-GCQF-GH8Q Xen Orchestra Mishandles Authorization

Xen Orchestra with xo-web through 5.80.0 and xo-server through 5.84.0 mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit,...

CVSS 4.3, AI score 4.5, EPSS 0.00714
Exploits 1, References 3
Github Security Blog
added 2022/05/24 5:24 p.m., 27 views

DevSpace vulnerable to remote code execution

The UI in DevSpace 4.13.0 allows web sites to execute actions on pods on behalf of a victim because of a lack of authentication for the WebSocket protocol. This leads to remote code execution...

CVSS 9.8, AI score 8, EPSS 0.02716
Exploits 0, References 4, Affected Software 1
OSV
added 2022/05/24 5:24 p.m., 14 views

GHSA-6H8C-GW33-CJM2 DevSpace vulnerable to remote code execution

The UI in DevSpace 4.13.0 allows web sites to execute actions on pods on behalf of a victim because of a lack of authentication for the WebSocket protocol. This leads to remote code execution...

CVSS 9.8, AI score 10, EPSS 0.02716
Exploits 0, References 4
BDU FSTEC
added 2022/05/23 12:00 a.m., 5 views

The vulnerability of the Apache Tomcat application server arises from errors that occur when both the WebSocket connection is terminated and WebSocket messages are sent at the same time. This allows an attacker to disclose sensitive information or carry out other malicious actions.

The vulnerability of the Apache Tomcat application server is related to errors that occur when both the WebSocket connection is closed and a WebSocket message is sent. Exploiting this vulnerability allows a malicious actor to disclose sensitive information or cause other adverse effects...

CVSS 9, AI score 6.7, EPSS 0.07538
Exploits 0, References 3, Affected Software 4
RedhatCVE
added 2022/05/20 11:55 p.m., 40 views

CVE-2017-2921

An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An...

CVSS 9.8, AI score 4.2, EPSS 0.31045
Exploits 13, References 1
OSV
added 2022/05/20 12:15 p.m., 2 views

CVE-2022-25227

Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can trick a user into browsing a malicious site, to obtain an 'ID' that can be used to send websocket requests and achieve RCE...

CVSS 8.8, AI score 5.8, EPSS 0.00623
Exploits 1, References 1
Prion
added 2022/05/20 12:15 p.m., 14 views

Cross site scripting

Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can trick a user into browsing a malicious site, to obtain an 'ID' that can be used to send websocket requests and achieve RCE...

CVSS 6.8, AI score 8.5, EPSS 0.00623
Exploits 1, References 1, Affected Software 1
Spring Security Advisories
added 2022/05/19 10:56 a.m., 25 views

Spring for GraphQL 1.0 Release

On behalf of the Spring for GraphQL team and every contributor, it is my pleasure to announce the 1.0 GA release. It's been 10 months since the project was announced and under 2 years since the first commit, unremarkably called "first commit". The project began with the modest goal to replace the...

AI score 7.4
Exploits 0
RedhatCVE
added 2022/05/18 5:34 p.m., 128 views

CVE-2022-22971

A flaw was found in Spring Framework Applications. Applications that use STOMP over the WebSocket endpoint are vulnerable to a denial of service attack caused by an authenticated user...

CVSS 6.5, AI score 2.9, EPSS 0.02931
Exploits 0, References 4
OSV
added 2022/05/17 3:46 a.m., 29 views

GHSA-RP9P-863F-9C4H Cross-site Scripting in Apache ActiveMQ

Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2)...

CVSS 4.3, AI score 8.1, EPSS 0.06018
Exploits 1, References 9
vulnersOsv
added 2022/05/17 12:18 a.m., 5 views

cn.yanyvpingsheng:bililive-sdk (=0.1.0), com.cesanta:cloud-service-stubs (>=0.0.1 <=0.0.3) +26 more potentially affected by CVE-2017-1000209 via com.neovisionaries:nv-websocket-client (>=1.16 <=1.4)

com.neovisionaries:nv-websocket-client MAVEN version =1.16, =0.0.1, =0.0.1, =1.2, =1.2, =1.3.2, =1.9.1.10.0, =0.4.2, =1.5.1.9.2, =0.4.0, =2.6.0, =1.2.0, =1.0.0, =7.2.0 and more Source cves: CVE-2017-1000209 Source advisory: OSV:GHSA-4HXV-95RC-JQG7...

CVSS 5.9, AI score 6.2, EPSS 0.0066
Exploits 0