CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5368 matches found

NVD•added 2021/05/10 3:15 p.m.•17 views

CVE-2021-23010

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and 12.1.x before 12.1.5.3, when the BIG-IP ASM/Advanced WAF system processes WebSocket requests with JSON payloads using the default JSON Content Profile in the ASM Security Policy, the BIG-...

7.5CVSS0.00961EPSS

Exploits0References1

Prion•added 2021/05/10 3:15 p.m.•25 views

Design/Logic Flaw

5CVSS7.5AI score0.00961EPSS

Exploits0References1Affected Software1

CVE•added 2021/05/10 2:24 p.m.•68 views

CVE-2021-23010

CVE-2021-23010 affects BIG-IP ASM/Advanced WAF: when processing WebSocket requests with JSON payloads using the default JSON Content Profile, the BIG-IP ASM bd process may produce a core file. Affected versions include 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x b...

7.5CVSS7.6AI score0.00961EPSS

Exploits0References1Affected Software1

Cvelist•added 2021/05/10 2:24 p.m.•26 views

CVE-2021-23010

7.7AI score0.00961EPSS

Exploits0References1

Veracode•added 2021/05/10 2:49 a.m.•27 views

Denial Of Service (DoS)

eventlet is vulnerable to denial of service. The vulnerability exists as the size of websocket frame is not restricted, leading to a machine exhaustion when an attacker sends a huge websocket frames...

5.3CVSS2AI score0.01807EPSS

Exploits0References5Affected Software2

Github Security Blog•added 2021/05/07 3:50 p.m.•47 views

Improper Handling of Highly Compressed Data (Data Amplification) and Memory Allocation with Excessive Size Value in eventlet

Impact A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. Patches Version 0.31.0 restricts websocket frame to reasonable limits. Workarounds Restricting memory usa...

5.3CVSS1.5AI score0.01807EPSS

Exploits0References7Affected Software1

NVD•added 2021/05/07 3:15 p.m.•17 views

CVE-2021-21419

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to...

5.3CVSS0.01807EPSS

Exploits0References3

OSV•added 2021/05/07 3:15 p.m.•32 views

CVE-2021-21419

5.3CVSS5.1AI score

Exploits0References3

OSV•added 2021/05/07 3:15 p.m.•1 views

DEBIAN-CVE-2021-21419

5.3CVSS6.6AI score0.01807EPSS

Exploits0References1

Prion•added 2021/05/07 3:15 p.m.•25 views

Code injection

5CVSS5.3AI score0.01807EPSS

Exploits0References3Affected Software2

PyPA•added 2021/05/07 3:15 p.m.•3 views

PYSEC-2021-12

5.3CVSS6.9AI score0.01807EPSS

Exploits0References1Affected Software1

UbuntuCve•added 2021/05/07 3:15 p.m.•23 views

CVE-2021-21419

5.3CVSS6.8AI score0.01807EPSS

Exploits0References2

OSV•added 2021/05/07 3:15 p.m.•4 views

UBUNTU-CVE-2021-21419

5.3CVSS6.8AI score0.01807EPSS

Exploits0References3

OSV•added 2021/05/07 3:15 p.m.•42 views

PYSEC-2021-12

5.3CVSS1AI score0.01807EPSS

Exploits0References1

Cvelist•added 2021/05/07 2:30 p.m.•31 views

CVE-2021-21419 Improper Handling of Highly Compressed Data (Data Amplification) and Memory Allocation with Excessive Size Value in eventlet

5.3CVSS5.8AI score0.01807EPSS

Exploits0References3

Debian CVE•added 2021/05/07 2:30 p.m.•27 views

CVE-2021-21419

5.3CVSS6.2AI score0.01807EPSS

Exploits0

CNNVD•added 2021/05/07 12:0 a.m.•3 views

Eventlet 资源管理错误漏洞

Eventlet is a concurrent networking library for Python. A resource management error vulnerability exists in Eventlet versions prior to 0.31.0, which stems from the possibility that a websocket peer may exhaust memory on the Eventlet side by sending very large websocket frames...

5.3CVSS6.7AI score0.01807EPSS

Exploits0References18

Positive Technologies•added 2021/05/07 12:0 a.m.•8 views

PT-2021-3910 · Eventlet +3 · Eventlet +3

Name of the Vulnerable Software and Affected Versions: Eventlet versions prior to 0.31.0 Description: The issue is related to the handling of large websocket frames in the Eventlet library, which can lead to memory exhaustion. A malicious peer can exploit this by sending highly compressed data...

9.8CVSS6.2AI score0.83042EPSS

Exploits5References89

RedHat Linux•added 2021/05/06 5:45 p.m.•4 views

jetty: Resource exhaustion when receiving an invalid large TLS frame

When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large greater than 17408 TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability...

7.8CVSS7.2AI score0.53861EPSS

Exploits1References5

Tenable Nessus•added 2021/04/29 12:0 a.m.•36 views

F5 Networks BIG-IP : BIG-IP ASM and Advanced WAF WebSocket vulnerability (K18570111)

The version of F5 Networks BIG-IP installed on the remote host is prior to 12.1.5.3 / 13.1.3.5 / 14.1.3.1 / 15.1.2 / 16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K18570111 advisory. - On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before...

7.5CVSS7.5AI score0.00961EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by