5360 matches found

RedHat Linux
added 2020/08/10 2:20 p.m. | 54 views

Important: Red Hat Security Advisory: libvncserver security update

An update for libvncserver is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.02259
Exploits: 0 | References: 2

AlmaLinux
added 2020/08/10 1:51 p.m. | 37 views

Important: libvncserver security update

LibVNCServer is a C library that enables you to implement VNC server functionality into own programs. Security Fixes: libvncserver: websocket decoding buffer overflow CVE-2017-18922 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.02259
Exploits: 0 | References: 1

RedHat Linux
added 2020/08/10 11:36 a.m. | 4 views

tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS

A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.87553
Exploits: 1 | References: 9

RedHat Linux
added 2020/08/10 11:21 a.m. | 5 views

tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS

A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.87553
Exploits: 1 | References: 9

Tenable Nessus
added 2020/08/10 12:00 a.m. | 30 views

RHEL 8 : libvncserver (RHSA-2020:3385)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3385 advisory. LibVNCServer is a C library that enables you to implement VNC server functionality into own programs. Security Fixes: libvncserver: websocket decodin...

CVSS: 9.8 | AI score: 8.5 | EPSS: 0.02259
Exploits: 0 | References: 4

CNVD
added 2020/08/08 12:00 a.m. | 2 views

File Upload Vulnerability in WeLive Online Customer Service System of Beijing Wein Software

WeLive customer service system uses WebSocket communication technology, based on PHP development, does not rely on the official server. It supports full-duplex communication between the client browser and the remote host, that is, it allows the server to actively push information to the client,...

AI score: 7
Exploits: 0

OpenVAS
added 2020/08/08 12:00 a.m. | 31 views

CentOS: Security Advisory for libvncserver (CESA-2020:3281)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.02259
Exploits: 0 | References: 2

Tenable Nessus
added 2020/08/07 12:00 a.m. | 36 views

CentOS 7 : libvncserver (RHSA-2020:3281)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3281 advisory. - It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this ...

CVSS: 9.8 | AI score: 8.6 | EPSS: 0.02259
Exploits: 0 | References: 2

Tenable Nessus
added 2020/08/06 12:00 a.m. | 54 views

Ubuntu 16.04 LTS : Tomcat vulnerabilities (USN-4448-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4448-1 advisory. It was discovered that Tomcat incorrectly validated the payload length in a WebSocket frame. A remote attacker could possibly use this issue to cause...

CVSS: 7.5 | AI score: 8 | EPSS: 0.87553
Exploits: 16 | References: 4

RedHat Linux
added 2020/08/04 11:39 a.m. | 5 views

tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS

A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.87553
Exploits: 1 | References: 9

RedHat Linux
added 2020/08/04 11:31 a.m. | 1 view

tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS

A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.87553
Exploits: 1 | References: 9

RedHat Linux
added 2020/08/04 11:31 a.m. | 90 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.3.2 security update

Updated Red Hat JBoss Web Server 5.3.2 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.87553
Exploits: 1 | References: 3

RedHat Linux
added 2020/08/04 11:18 a.m. | 2 views

tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS

A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.87553
Exploits: 1 | References: 9

RedHat Linux
added 2020/08/04 11:17 a.m. | 4 views

tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS

A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.87553
Exploits: 1 | References: 9

Veracode
added 2020/08/04 2:02 a.m. | 8 views

Denial Of Service (DoS)

libvncserver is vulnerable to denial of service DoS. The vulnerability exists through a websocket decoding buffer overflow...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.02259
Exploits: 0 | References: 17 | Affected Software: 1

Tenable Nessus
added 2020/08/04 12:00 a.m. | 71 views

RHEL 6 / 7 : Red Hat JBoss Web Server 3.1 Service Pack 10 (RHSA-2020:3303)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3303 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.87553
Exploits: 1 | References: 6

OSV
added 2020/08/03 5:15 p.m. | 20 views

CVE-2020-16271

The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket connection...

CVSS: 9.1 | AI score: 6.8
Exploits: 0 | References: 2

NVD
added 2020/08/03 5:15 p.m. | 10 views

CVE-2020-16271

The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket connection...

CVSS: 9.1 | AI score: 9 | EPSS: 0.01506
Exploits: 1 | References: 2

OSV
added 2020/08/03 5:15 p.m. | 17 views

CVE-2020-16272

The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is missing validation for a client-provided parameter, which allows remote attackers to read and modify data in the KeePass database via an A=0 WebSocket connection...

CVSS: 9.1 | AI score: 6.9
Exploits: 0 | References: 2

Prion
added 2020/08/03 5:15 p.m. | 15 views

Design/Logic Flaw

The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket connection...

CVSS: 6.4 | AI score: 8.8 | EPSS: 0.01506
Exploits: 1 | References: 2 | Affected Software: 1