5459 matches found

Source: Debian
Added 2021/05/21 7:14 p.m. | 78 views

[SECURITY] [DSA 4916-2] prosody regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-4916-2 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 21, 2021 https://www.debian.org/security/faq -...

AI score 7.2
Exploits 0
Source: Github Security Blog
Added 2021/05/18 9:08 p.m. | 45 views

Integer overflow in github.com/gorilla/websocket

An integer overflow vulnerability exists in the handling of the length of websocket frames received over a websocket connection. An attacker could use this flaw to cause a denial of service against an HTTP server that accepts websocket connections...

CVSS 7.5 | AI score 7.3 | EPSS 0.02342
Exploits 0 | References 8 | Affected software 1
Source: OSV
Added 2021/05/18 9:08 p.m. | 42 views

GHSA-3XH2-74W9-5VXM Integer overflow in github.com/gorilla/websocket

An integer overflow vulnerability exists in the handling of the length of websocket frames received over a websocket connection. An attacker could use this flaw to cause a denial of service against an HTTP server that accepts websocket connections...

CVSS 7.5 | AI score 7.2 | EPSS 0.02342
Exploits 0 | References 8
Source: Github Security Blog
Added 2021/05/18 3:42 p.m. | 43 views

Rancher Vulnerable to Cross-site Request Forgery (CSRF)

Rancher 2 through 2.2.4 is vulnerable to a Cross-Site WebSocket Hijacking attack that allows an attacker to gain access to clusters managed by Rancher. The attack requires the victim to be logged into a Rancher server and then to visit a third-party site hosted by the attacker. Once that is...

CVSS 6.1 | AI score 6.6 | EPSS 0.01099
Exploits 0 | References 4 | Affected software 1
Source: OSV
Added 2021/05/18 3:42 p.m. | 22 views

GHSA-XHG2-RVM8-W2JH Rancher Vulnerable to Cross-site Request Forgery (CSRF)

Rancher 2 through 2.2.4 is vulnerable to a Cross-Site WebSocket Hijacking attack that allows an attacker to gain access to clusters managed by Rancher. The attack requires the victim to be logged into a Rancher server and then to visit a third-party site hosted by the attacker. Once that is...

CVSS 8.7 | AI score 6.5 | EPSS 0.01099
Exploits 0 | References 4
Source: OSV
Added 2021/05/18 3:42 p.m. | 26 views

GO-2022-0755 Cross-site request forgery in github.com/rancher/rancher

Rancher 2 is vulnerable to a Cross-Site WebSocket Hijacking attack that allows an attacker to gain access to clusters managed by Rancher...

CVSS 6.1 | AI score 6.2 | EPSS 0.01099
Exploits 0 | References 3
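The three Rancher entries above describe Cross-Site WebSocket Hijacking: a page on the attacker's site opens a WebSocket to the Rancher server, the browser attaches the victim's session cookie, and the server has to decide from the Origin header whether to accept the upgrade. As an added example (not Rancher's code, and not a description of its actual fix), the Go program below puts a weak prefix-based Origin check beside a strict allowlist match; `rancher.example` and the `/ws` path are placeholders chosen for the example.

```go
// Added example, not Rancher's code: Origin validation for a WebSocket upgrade.
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// weakCheckOrigin shows the kind of check that leaves Cross-Site WebSocket
// Hijacking open: a prefix match accepts https://rancher.example.evil.test.
// (rancher.example is a placeholder host for this example.)
func weakCheckOrigin(r *http.Request) bool {
	return strings.HasPrefix(r.Header.Get("Origin"), "https://rancher.example")
}

// checkOrigin accepts the upgrade only when Origin, parsed as a URL, is exactly
// one of the origins (scheme://host[:port]) this server is published under.
// Browsers always send Origin on a WebSocket handshake, so an absent header can
// only come from a non-browser client, which is not the cross-site case; a
// deployment that wants to refuse those too would return false there.
func checkOrigin(allowed map[string]bool) func(*http.Request) bool {
	return func(r *http.Request) bool {
		origin := r.Header.Get("Origin")
		if origin == "" {
			return true
		}
		u, err := url.Parse(origin)
		if err != nil || u.Scheme == "" || u.Host == "" {
			return false // also rejects the opaque "null" origin
		}
		return allowed[strings.ToLower(u.Scheme+"://"+u.Host)]
	}
}

func main() {
	strict := checkOrigin(map[string]bool{"https://rancher.example": true})
	for _, o := range []string{
		"https://rancher.example",
		"https://rancher.example.evil.test", // attacker's page; passes the prefix check
		"http://rancher.example",            // scheme downgrade
		"null",
	} {
		r, _ := http.NewRequest("GET", "https://rancher.example/ws", nil)
		r.Header.Set("Origin", o)
		fmt.Printf("%-36s weak=%-5v strict=%v\n", o, weakCheckOrigin(r), strict(r))
	}
}
```

Two design points. The allowlist of published origins is used rather than a comparison against `r.Host`, because behind a TLS-terminating proxy the Host the server sees may not be the origin the browser sees. And the Origin check is only half of the defence: a socket that is authenticated by the session cookie alone stays exposed if the check is ever loosened, so requiring a per-session token in the upgrade URL or the first message removes the dependence on ambient credentials entirely.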
Source: RedHat Linux
Added 2021/05/18 2:02 p.m. | 7 views

webkitgtk: use-after-free may lead to arbitrary code execution

A code execution vulnerability exists in the WebSocket functionality of WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free that can lead to remote code execution; an attacker need only get a user to visit the page to trigger this vulnerability...

CVSS 8.8 | AI score 8 | EPSS 0.03266
Exploits 1 | References 5
Source: OPENSUSE Linux
Added 2021/05/18 12:00 a.m. | 38 views

Security update for prosody (important)

openSUSE Security Update: Security update for prosody. Announcement ID: openSUSE-SU-2021:0751-1. Rating: important. References: 1186027. Cross-References: CVE-2021-32917, CVE-2021-32918, CVE-2021-32919, CVE-2021-32920. Affected Products: openSUSE Backports SLE-15-SP2. An update that fixes four...

CVSS 7.8 | AI score 6.9 | EPSS 0.02261
Exploits 0 | References 1
Source: Tenable Nessus
Added 2021/05/17 12:00 a.m. | 37 views

Ubuntu 20.04 LTS : Eventlet vulnerability (USN-4956-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4956-1 advisory. It was discovered that Eventlet incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service. Tenable has extracte...

CVSS 5.3 | AI score 6.7 | EPSS 0.01807
Exploits 0 | References 2
Source: Node.js
Added 2021/05/13 8:29 p.m. | 90 views

Regular Expression Denial of Service

Overview: In websocket-extensions before version 0.1.4, there is a vulnerability which allows an attacker to exhaust the server's capacity to process incoming requests by sending a WebSocket handshake request containing a header of the following form: Sec-WebSocket-Extensions: a;...

CVSS 5 | AI score 3.6 | EPSS 0.02955
Exploits 1 | Affected software 1
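The websocket-extensions entry above concerns a handshake header whose parsing cost grew faster than the header's length, which is what lets one request tie up the server. The Go program below is an added example (not the websocket-extensions library's code, which is JavaScript): it parses `Sec-WebSocket-Extensions` with a hand-written single-pass tokenizer instead of a regular expression, so each byte is visited once and the cost is linear in the header length. The hostile header in `main` is constructed for the example.

```go
// Added example, not websocket-extensions' code: a linear-time header parser.
package main

import (
	"errors"
	"fmt"
	"strings"
)

type Extension struct {
	Name   string
	Params map[string]string // "" for a parameter given without "="
}

var errSyntax = errors.New("websocket: malformed Sec-WebSocket-Extensions header")

// isTokenChar reports whether b may appear in an RFC 7230 token.
func isTokenChar(b byte) bool {
	return b > ' ' && b < 0x7f && !strings.ContainsRune(`"(),/:;<=>?@[\]{}`, rune(b))
}

// parseExtensions parses one header value in a single forward pass: every byte
// is examined once and the cursor never backs up, so the cost is linear in
// len(h) however many ";" or "\" characters a hostile client packs in.
func parseExtensions(h string) ([]Extension, error) {
	var exts []Extension
	i := 0
	skipWS := func() { i += len(h[i:]) - len(strings.TrimLeft(h[i:], " \t")) }
	token := func() (string, error) {
		start := i
		for i < len(h) && isTokenChar(h[i]) {
			i++
		}
		if start == i {
			return "", errSyntax
		}
		return h[start:i], nil
	}
	quoted := func() (string, error) { // i points at the opening quote
		var sb strings.Builder
		for i++; i < len(h); i++ {
			switch h[i] {
			case '"':
				i++
				return sb.String(), nil
			case '\\': // quoted-pair: take the next byte literally
				if i++; i < len(h) {
					sb.WriteByte(h[i])
				}
			default:
				sb.WriteByte(h[i])
			}
		}
		return "", errSyntax // unterminated quoted-string
	}
	for {
		skipWS()
		if i < len(h) && h[i] == ',' { // empty list element, tolerated as in HTTP list syntax
			i++
			continue
		}
		if i >= len(h) {
			return exts, nil
		}
		name, err := token()
		if err != nil {
			return nil, err
		}
		ext := Extension{Name: name, Params: map[string]string{}}
		for skipWS(); i < len(h) && h[i] == ';'; skipWS() {
			i++
			skipWS()
			key, err := token()
			if err != nil {
				return nil, err
			}
			val := ""
			if i < len(h) && h[i] == '=' {
				i++
				if i < len(h) && h[i] == '"' {
					val, err = quoted()
				} else {
					val, err = token()
				}
				if err != nil {
					return nil, err
				}
			}
			ext.Params[key] = val
		}
		exts = append(exts, ext)
		if i < len(h) && h[i] != ',' {
			return nil, errSyntax
		}
	}
}

func main() {
	hostile := "a;" + strings.Repeat("b;", 100000) + "c" // constructed, not from the advisory
	exts, err := parseExtensions(hostile)
	fmt.Printf("%d bytes -> %d extension(s), err=%v\n", len(hostile), len(exts), err)
}
```

The grammar is small enough (RFC 6455 section 9.1: a comma-separated list of `token *( ";" token [ "=" ( token | quoted-string ) ] )`) that a tokenizer is shorter than the regular expression it replaces, and it fails fast on malformed input such as an unterminated quoted-string instead of searching for an alternative match.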
Source: NVD
Added 2021/05/10 3:15 p.m. | 17 views

CVE-2021-23010

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and 12.1.x before 12.1.5.3, when the BIG-IP ASM/Advanced WAF system processes WebSocket requests with JSON payloads using the default JSON Content Profile in the ASM Security Policy, the BIG-...

CVSS 7.5 | EPSS 0.00961
Exploits 0 | References 1
Source: OSV
Added 2021/05/10 3:15 p.m. | 4 views

CVE-2021-23010

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and 12.1.x before 12.1.5.3, when the BIG-IP ASM/Advanced WAF system processes WebSocket requests with JSON payloads using the default JSON Content Profile in the ASM Security Policy, the BIG-...

CVSS 7.5 | AI score 5.8 | EPSS 0.00961
Exploits 0 | References 1
Source: Prion
Added 2021/05/10 3:15 p.m. | 28 views

Design/Logic Flaw

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and 12.1.x before 12.1.5.3, when the BIG-IP ASM/Advanced WAF system processes WebSocket requests with JSON payloads using the default JSON Content Profile in the ASM Security Policy, the BIG-...

CVSS 5 | AI score 7.5 | EPSS 0.00961
Exploits 0 | References 1 | Affected software 1
Source: CVE
Added 2021/05/10 2:24 p.m. | 72 views

CVE-2021-23010

CVE-2021-23010 affects BIG-IP ASM/Advanced WAF: when processing WebSocket requests with JSON payloads using the default JSON Content Profile, the BIG-IP ASM bd process may produce a core file. Affected versions include 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x b...

CVSS 7.5 | AI score 7.6 | EPSS 0.00961
Exploits 0 | References 1 | Affected software 1
Source: Cvelist
Added 2021/05/10 2:24 p.m. | 26 views

CVE-2021-23010

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and 12.1.x before 12.1.5.3, when the BIG-IP ASM/Advanced WAF system processes WebSocket requests with JSON payloads using the default JSON Content Profile in the ASM Security Policy, the BIG-...

AI score 7.7 | EPSS 0.00961
Exploits 0 | References 1
Source: Veracode
Added 2021/05/10 2:49 a.m. | 27 views

Denial Of Service (DoS)

eventlet is vulnerable to denial of service: the size of a websocket frame is not restricted, so an attacker who sends very large websocket frames can exhaust the machine's memory...

CVSS 5.3 | AI score 2 | EPSS 0.01807
Exploits 0 | References 5 | Affected software 2
Source: Github Security Blog
Added 2021/05/07 3:50 p.m. | 47 views

Improper Handling of Highly Compressed Data (Data Amplification) and Memory Allocation with Excessive Size Value in eventlet

Impact: A websocket peer may exhaust memory on the Eventlet side by sending very large websocket frames, or by sending a highly compressed data frame. Patches: Version 0.31.0 restricts websocket frames to reasonable limits. Workarounds: Restricting memory usa...

CVSS 5.3 | AI score 1.5 | EPSS 0.01807
Exploits 0 | References 7 | Affected software 1
Source: NVD
Added 2021/05/07 3:15 p.m. | 19 views

CVE-2021-21419

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on the Eventlet side by sending very large websocket frames, or by sending a highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to...

CVSS 5.3 | EPSS 0.01807
Exploits 0 | References 3
Source: OSV
Added 2021/05/07 3:15 p.m. | 32 views

CVE-2021-21419

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on the Eventlet side by sending very large websocket frames, or by sending a highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to...

CVSS 5.3 | AI score 5.1
Exploits 0 | References 3
Source: OSV
Added 2021/05/07 3:15 p.m. | 1 view

DEBIAN-CVE-2021-21419

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on the Eventlet side by sending very large websocket frames, or by sending a highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to...

CVSS 5.3 | AI score 6.6 | EPSS 0.01807
Exploits 0 | References 1
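The gorilla/websocket entries earlier on the page and the Eventlet entries above are two faces of the same problem: the frame length the peer declares, and the bytes it actually makes the server allocate. As an added example (not gorilla/websocket's or Eventlet's code, and not a reconstruction of either fix), the Go program below rejects 64-bit lengths with the reserved high bit set before they can be reinterpreted as a negative int64, checks frame and message totals against the remaining budget so the check itself cannot wrap, and inflates permessage-deflate payloads under a fixed output cap. The three limits are assumed values, not either library's defaults.

```go
// Added example (not gorilla/websocket's or Eventlet's code).
package main

import (
	"bytes"
	"compress/flate"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// Size policy for this example; assumed values, not either library's defaults.
const (
	maxFrameLen   int64 = 1 << 20 // 1 MiB per frame
	maxMessageLen int64 = 2 << 20 // 2 MiB per reassembled message
	maxInflated   int64 = 1 << 20 // 1 MiB of decompressed output per message
)

var errBadLength = errors.New("websocket: payload length has reserved high bit set")
var errTooLarge = errors.New("websocket: frame or message exceeds limit")

// parseFrameLen decodes the RFC 6455 payload length at the start of a frame
// header and returns it with the header bytes consumed (mask key excluded).
func parseFrameLen(hdr []byte) (int64, int, error) {
	if len(hdr) < 2 {
		return 0, 0, io.ErrUnexpectedEOF
	}
	n := hdr[1] & 0x7f
	switch {
	case n < 126:
		return int64(n), 2, nil
	case n == 126:
		if len(hdr) < 4 {
			return 0, 0, io.ErrUnexpectedEOF
		}
		return int64(binary.BigEndian.Uint16(hdr[2:4])), 4, nil
	default: // 127: a 64-bit length follows
		if len(hdr) < 10 {
			return 0, 0, io.ErrUnexpectedEOF
		}
		u := binary.BigEndian.Uint64(hdr[2:10])
		// RFC 6455 requires the top bit to be zero. int64(u) with that bit set
		// is negative and slips past a "len > limit" check, so reject it first.
		if u>>63 != 0 {
			return 0, 0, errBadLength
		}
		return int64(u), 10, nil
	}
}

// acceptFrame adds one frame's length to the running message total. Comparing
// n with the remaining budget (limit - total) instead of computing total + n
// keeps the check itself from wrapping.
func acceptFrame(total, n int64) (int64, error) {
	if n < 0 || n > maxFrameLen || n > maxMessageLen-total {
		return total, errTooLarge
	}
	return total + n, nil
}

// deflateForWire compresses one message the way a permessage-deflate sender
// does (RFC 7692): sync-flush, then drop the trailing 00 00 ff ff.
func deflateForWire(msg []byte) []byte {
	var buf bytes.Buffer
	w, _ := flate.NewWriter(&buf, flate.BestCompression)
	w.Write(msg)
	w.Flush()
	out := buf.Bytes()
	return out[:len(out)-4]
}

// inflateBounded reverses deflateForWire but stops once maxInflated bytes have
// been produced, so a tiny highly compressed frame cannot expand without bound.
func inflateBounded(wire []byte) ([]byte, error) {
	// Restore the stripped tail, then add a final empty stored block so the
	// flate reader sees a properly terminated stream.
	tail := []byte{0x00, 0x00, 0xff, 0xff, 0x01, 0x00, 0x00, 0xff, 0xff}
	r := flate.NewReader(io.MultiReader(bytes.NewReader(wire), bytes.NewReader(tail)))
	defer r.Close()
	out, err := io.ReadAll(io.LimitReader(r, maxInflated+1))
	if err != nil {
		return nil, err
	}
	if int64(len(out)) > maxInflated {
		return nil, errTooLarge
	}
	return out, nil
}

func main() {
	// Constructed header: FIN + binary opcode, unmasked, 64-bit length with the
	// reserved high bit set.
	_, _, err := parseFrameLen([]byte{0x82, 0x7f, 0x80, 0, 0, 0, 0, 0, 0, 0x10})
	fmt.Println("reserved-bit length:", err)
	bomb := deflateForWire(make([]byte, 4<<20)) // expands to 4 MiB of zeros
	_, err = inflateBounded(bomb)
	fmt.Printf("%d compressed bytes -> %v\n", len(bomb), err)
}
```

The two halves guard different resources. The length checks bound what the server will read from the socket for one frame and one message; the inflate cap bounds what it will allocate for the decompressed result, which the declared frame length says nothing about. A reader that enforces only the first is still exposed to the compressed-data case the Eventlet advisory describes.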