5369 matches found

RedHat Linux
added 2021/07/27 10:36 p.m., 1 view

python-eventlet: improper handling of highly compressed data and memory allocation with excessive size allows DoS

A flaw was found in eventlet. If an unauthenticated user manages to send large websocket frames or highly compressed data frames, that can lead to memory exhaustion. An attacker could use this flaw to cause a denial of service (DoS)...

CVSS 5.3, AI score 7.3, EPSS 0.01807
Exploits: 0, References: 4

Cvelist
added 2021/07/27 2:20 p.m., 18 views

CVE-2020-16839

On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request...

AI score 7.8, EPSS 0.01177
Exploits: 0, References: 3

CVE
added 2021/07/27 2:20 p.m., 60 views

CVE-2020-16839

This CVE affects Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices prior to patch DM-XIO/1-0-3-802. The root issue is an unauthenticated WebSocket request that allows changing the device password, indicating a lack of proper permission validation on the WebSocket API. The vulnerability is...

CVSS 7.5, AI score 7.8, EPSS 0.01177
Exploits: 0, References: 4, Affected Software: 1

Hacker One
added 2021/07/23 4:09 a.m., 33 views

PortSwigger Web Security: RCE of Burp Scanner / Crawler via Clickjacking

A vulnerability was discovered in Burp Suite, a web application security testing tool. The vulnerability allowed an attacker to exploit a known XSS vulnerability in the embedded Chrome browser used by Burp Suite. By leveraging this vulnerability, an attacker could execute arbitrary commands on th...

AI score 6.8
Exploits: 0

RedhatCVE
added 2021/07/18 1:58 a.m., 124 views

CVE-2020-7662

websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...

CVSS 5, AI score 4.2, EPSS 0.02955
Exploits: 1, References: 4

CNVD
added 2021/07/14 12:00 a.m., 21 views

Dell PowerFlex Presentation Server data forgery issue vulnerability

Dell EMC PowerFlex is an application from Dell, Inc. of the United States. The Dell PowerFlex Presentation Server data forgery vulnerability originates from the product's WebSocket in the Presentation Server/WebUI not verifying user identity. An attacker could hijack the WebSocket to trick...

CVSS 6.5, AI score 2.7, EPSS 0.00336
Exploits: 0, References: 1

NVD
added 2021/07/13 9:15 p.m., 16 views

CVE-2021-32755

Wire is a collaboration platform. wire-ios-transport handles authentication of requests, network failures, and retries for the iOS implementation of Wire. In the 3.82 version of the iOS application, a new web socket implementation was introduced for users running iOS 13 or higher. This new...

CVSS 5.4, EPSS 0.00314
Exploits: 0, References: 1

OSV
added 2021/07/13 9:15 p.m., 2 views

CVE-2021-32755

Wire is a collaboration platform. wire-ios-transport handles authentication of requests, network failures, and retries for the iOS implementation of Wire. In the 3.82 version of the iOS application, a new web socket implementation was introduced for users running iOS 13 or higher. This new...

CVSS 4.3, AI score 5.8, EPSS 0.00314
Exploits: 0, References: 1

Prion
added 2021/07/13 9:15 p.m., 14 views

Design/Logic Flaw

Wire is a collaboration platform. wire-ios-transport handles authentication of requests, network failures, and retries for the iOS implementation of Wire. In the 3.82 version of the iOS application, a new web socket implementation was introduced for users running iOS 13 or higher. This new...

CVSS 4, AI score 4.7, EPSS 0.00314
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2021/07/13 12:00 a.m., 7 views

Wire trust management issue vulnerability

Wire is chat software by an individual developer. The software supports the Web, Windows, iOS, Android, and OS X platforms, has a group feature, allows voice calls, sends photos, and has its own original greeting method, PING. A security vulnerability exists in Wire that stems from a request...

CVSS 5.4, AI score 5.2, EPSS 0.00314
Exploits: 0, References: 2

NVD
added 2021/07/12 4:15 p.m., 13 views

CVE-2021-21588

Dell EMC PowerFlex v3.5.x contains a Cross-Site WebSocket Hijacking vulnerability in the Presentation Server/WebUI. An unauthenticated attacker could potentially exploit this vulnerability by tricking the user into performing unwanted actions on the Presentation Server, which may lead ...

CVSS 6.5, EPSS 0.00336
Exploits: 0, References: 1

OSV
added 2021/07/12 4:15 p.m., 4 views

CVE-2021-21588

Dell EMC PowerFlex v3.5.x contains a Cross-Site WebSocket Hijacking vulnerability in the Presentation Server/WebUI. An unauthenticated attacker could potentially exploit this vulnerability by tricking the user into performing unwanted actions on the Presentation Server, which may lead ...

CVSS 4.3, AI score 5.8, EPSS 0.00336
Exploits: 0, References: 1

Prion
added 2021/07/12 4:15 p.m., 15 views

Cross site scripting

Dell EMC PowerFlex v3.5.x contains a Cross-Site WebSocket Hijacking vulnerability in the Presentation Server/WebUI. An unauthenticated attacker could potentially exploit this vulnerability by tricking the user into performing unwanted actions on the Presentation Server, which may lead ...

CVSS 4.3, AI score 4.6, EPSS 0.00336
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2021/07/12 3:40 p.m., 14 views

CVE-2021-21588

Dell EMC PowerFlex v3.5.x contains a Cross-Site WebSocket Hijacking vulnerability in the Presentation Server/WebUI. An unauthenticated attacker could potentially exploit this vulnerability by tricking the user into performing unwanted actions on the Presentation Server, which may lead ...

CVSS 6.5, AI score 6.6, EPSS 0.00336
Exploits: 0, References: 1

CVE
added 2021/07/12 3:40 p.m., 46 views

CVE-2021-21588

CVE-2021-21588 affects Dell EMC PowerFlex, specifically the Presentation Server/WebUI in v3.5.x. The issue is a Cross-Site WebSocket Hijacking vulnerability where an unauthenticated attacker could trick a logged-in user into performing unintended actions on the Presentation Server, potentially le...

CVSS 6.5, AI score 4.5, EPSS 0.00336
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2021/07/12 2:15 p.m., 2 views

CVE-2021-36383

Xen Orchestra with xo-web through 5.80.0 and xo-server through 5.84.0 mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit,...

CVSS 4.3, AI score 5.8, EPSS 0.00714
Exploits: 1, References: 1

ATTACKERKB
added 2021/07/12 2:15 p.m., 4 views

CVE-2021-36383

Xen Orchestra with xo-web through 5.80.0 and xo-server through 5.84.0 mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit,...

CVSS 4.3, AI score 5.4, EPSS 0.00714
Exploits: 1, References: 2

Cvelist
added 2021/07/12 1:18 p.m., 16 views

CVE-2021-36383

Xen Orchestra with xo-web through 5.80.0 and xo-server through 5.84.0 mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit,...

AI score 4.9, EPSS 0.00714
Exploits: 1, References: 1

RedHat Linux
added 2021/07/12 12:12 p.m., 4 views

jetty: Resource exhaustion when receiving an invalid large TLS frame

When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing high CPU resource utilization. The highest threat from this vulnerability is to service availability...

CVSS 7.8, AI score 7.2, EPSS 0.53861
Exploits: 1, References: 5

CNNVD
added 2021/07/12 12:00 a.m., 6 views

Dell EMC PowerFlex data forgery issue vulnerability

Dell EMC PowerFlex is an application from Dell, Inc. of the United States. The Dell PowerFlex Presentation Server data forgery vulnerability originates from the product's WebSocket in the Presentation Server/WebUI not verifying user identity. An attacker could hijack the WebSocket to trick...

CVSS 6.5, AI score 5.6, EPSS 0.00336
Exploits: 0, References: 2