5372 matches found

vulnersOsv
added 2022/05/17 12:18 a.m., 5 views

cn.yanyvpingsheng:bililive-sdk (=0.1.0), com.cesanta:cloud-service-stubs (>=0.0.1 <=0.0.3) +26 more potentially affected by CVE-2017-1000209 via com.neovisionaries:nv-websocket-client (>=1.16 <=1.4)

com.neovisionaries:nv-websocket-client MAVEN version =1.16, =0.0.1, =0.0.1, =1.2, =1.2, =1.3.2, =1.9.1.10.0, =0.4.2, =1.5.1.9.2, =0.4.0, =2.6.0, =1.2.0, =1.0.0, =7.2.0 and more Source cves: CVE-2017-1000209 Source advisory: OSV:GHSA-4HXV-95RC-JQG7...

5.9 CVSS, 6.2 AI score, 0.0066 EPSS
Exploits 0
Github Security Blog
added 2022/05/17 12:18 a.m., 20 views

nv-websocket-client allows attackers to spoof SSL/TLS servers via an arbitrary valid certificate

The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate...

5.9 CVSS, 5.3 AI score, 0.0066 EPSS
Exploits 0, References 3, Affected Software 1
CNVD
added 2022/05/17 12:0 a.m., 62 views

Apache Tomcat Request Obfuscation Vulnerability

Apache Tomcat is a lightweight Web application server from the Apache Foundation in the United States. The program implements Servlet and JavaServer Pages (JSP) support. Apache Tomcat suffers from a request obfuscation vulnerability that stems from the fact that if a Web application sends a...

8.6 CVSS, 8.2 AI score, 0.07538 EPSS
Exploits 0, References 1
Github Security Blog
added 2022/05/14 2:5 a.m., 18 views

IPython Notebook vulnerable to improper validation of the origin of websocket requests

IPython Notebook 0.12 through 1.x before 1.2.0 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page...

6.8 CVSS, 7.6 AI score, 0.04665 EPSS
Exploits 0, References 13, Affected Software 1
OSV
added 2022/05/14 2:5 a.m., 3 views

GHSA-75CW-5CGV-G853 IPython Notebook vulnerable to improper validation of the origin of websocket requests

IPython Notebook 0.12 through 1.x before 1.2.0 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page...

9.8 CVSS, 7.3 AI score, 0.04665 EPSS
Exploits 0, References 13
Github Security Blog
added 2022/05/14 1:58 a.m., 35 views

OpenStack Compute (Nova) has Insufficient Verification of Data Authenticity

OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage...

5.1 CVSS, 6.4 AI score, 0.01068 EPSS
Exploits 0, References 12, Affected Software 1
OSV
added 2022/05/14 12:1 a.m., 29 views

GHSA-H3CH-5PP2-VH6W Improper socket reuse in Apache Tomcat

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling...

8.6 CVSS, 8.3 AI score, 0.07538 EPSS
Exploits 0, References 5
Github Security Blog
added 2022/05/14 12:1 a.m., 60 views

Improper socket reuse in Apache Tomcat

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling...

8.6 CVSS, 0.5 AI score, 0.07538 EPSS
Exploits 0, References 5, Affected Software 1
NVD
added 2022/05/13 8:15 a.m., 12 views

CVE-2022-25762

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling...

8.6 CVSS, 0.07538 EPSS
Exploits 0, References 3
ATTACKERKB
added 2022/05/13 8:15 a.m., 4 views

CVE-2022-25762

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling...

8.6 CVSS, 6.7 AI score, 0.07538 EPSS
Exploits 0, References 4, Affected Software 1
OSV
added 2022/05/13 8:15 a.m., 34 views

CVE-2022-25762

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling...

8.6 CVSS, 8.4 AI score
Exploits 0, References 3
OSV
added 2022/05/13 8:15 a.m., 2 views

DEBIAN-CVE-2022-25762

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling...

8.6 CVSS, 6.7 AI score, 0.07538 EPSS
Exploits 0, References 1
Prion
added 2022/05/13 8:15 a.m., 118 views

Code injection

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling...

7.5 CVSS, 8.2 AI score, 0.07538 EPSS
Exploits 0, References 3, Affected Software 2
UbuntuCve
added 2022/05/13 8:15 a.m., 35 views

CVE-2022-25762

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling...

8.6 CVSS, 6.7 AI score, 0.07538 EPSS
Exploits 0, References 7
OSV
added 2022/05/13 8:15 a.m., 1 views

UBUNTU-CVE-2022-25762

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling...

8.6 CVSS, 6.8 AI score, 0.07538 EPSS
Exploits 0, References 8
Debian CVE
added 2022/05/13 7:50 a.m., 75 views

CVE-2022-25762

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling...

8.6 CVSS, 7.2 AI score, 0.07538 EPSS
Exploits 0
CVE
added 2022/05/13 7:50 a.m., 1228 views

CVE-2022-25762

CVE-2022-25762 is a concrete vulnerability in Apache Tomcat affecting WebSocket handling. When a WebSocket message is sent concurrently with closing the connection on Tomcat 8.5.0–8.5.75 or 9.0.0.M1–9.0.20, the application may continue to use a socket after it has been closed. The described error...

8.6 CVSS, 8.3 AI score, 0.07538 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2022/05/13 7:50 a.m., 25 views

CVE-2022-25762 Response mix-up with WebSocket concurrent send and close

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling...

8.6 AI score, 0.07538 EPSS
Exploits 0, References 3
Veracode
added 2022/05/13 7:20 a.m., 40 views

Denial Of Service (DoS)

spring-messaging is vulnerable to denial of service. The vulnerability exists because the handleMessageInternal function of SimpleBrokerMessageHandler.java does not properly ignore invalid STOMP frames, allowing an attacker to cause an application crash through the WebSocket endpoin...

6.5 CVSS, 2.6 AI score, 0.02931 EPSS
Exploits 0, References 8, Affected Software 2
RedhatCVE
added 2022/05/13 12:41 a.m., 281 views

CVE-2022-25762

A flaw was found in the tomcat package. When a web application sends a WebSocket message concurrently with the WebSocket connection closing, the application may continue to use the socket after it has been closed. In this case, the error handling triggered could cause the pooled object to be plac...

8.6 CVSS, 0.9 AI score, 0.07538 EPSS
Exploits 0, References 4