
5360 matches found

Prion
added 2020/08/03 5:15 p.m., 13 views

Input validation

The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is missing validation for a client-provided parameter, which allows remote attackers to read and modify data in the KeePass database via an A=0 WebSocket connection...

CVSS 6.4, AI score 8.9, EPSS 0.02775
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2020/08/03 4:19 p.m., 51 views

CVE-2020-16271

Kee Vault KeePassRPC (SRP-6a) before version 1.12.0 uses a weak random-number generator, enabling remote attackers to read and modify KeePass data over WebSocket. Affected component: SRP-6a implementation; impact is data confidentiality and integrity. Remediation: upgrade to KeePassRPC 1.12.0 or ...

CVSS 9.1, AI score 8.9, EPSS 0.01506
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2020/08/03 4:19 p.m., 20 views

CVE-2020-16272

The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is missing validation for a client-provided parameter, which allows remote attackers to read and modify data in the KeePass database via an A=0 WebSocket connection...

AI score 9.1, EPSS 0.02775
Exploits: 1, References: 2
CVE
added 2020/08/03 4:19 p.m., 42 views

CVE-2020-16272

The CVE-2020-16272 entry concerns Kee Vault KeePassRPC prior to 1.12.0. The SRP-6a implementation lacks validation of a client-provided parameter, enabling remote attackers over a WebSocket (A=0) connection to read and modify data in the KeePass database. Multiple sources (NVD entry, Red Hat advi...

CVSS 9.1, AI score 9, EPSS 0.02775
Exploits: 1, References: 2, Affected Software: 1
RedHat Linux
added 2020/08/03 1:51 p.m., 8 views

libvncserver: websocket decoding buffer overflow

A flaw was found in libvncserver. A heap-based buffer overflow within the websocket decoding functionality is possible, which can lead to exploitation by a malicious attacker to overwrite a function pointer. The highest threat from this vulnerability is to data confidentiality and integrity as we...

CVSS 9.8, AI score 6, EPSS 0.02259
Exploits: 0, References: 4
Veracode
added 2020/08/03 4:22 a.m., 61 views

Improper SSL Certificate Verification

faye is vulnerable to improper SSL certificate validation. The vulnerability exists as it does not implement certificate verification by default, allowing any hostname in the wss: connection made by the Faye::WebSocket::Client to be made unvalidated...

CVSS 8.7, AI score 2.4, EPSS 0.00864
Exploits: 1, References: 3, Affected Software: 2
Veracode
added 2020/08/03 3:8 a.m., 16 views

Improper SSL Certificate Verification

faye-websocket is vulnerable to improper SSL certificate validation. The vulnerability exists as it does not implement certificate verification by default, allowing any hostname in the wss: connection made by the Faye::WebSocket::Client to be made unvalidated...

CVSS 8.7, AI score 2.5, EPSS 0.00914
Exploits: 1, References: 4, Affected Software: 2
CNVD
added 2020/08/03 12:0 a.m., 3 views

faye-websocket trust management issue vulnerability

faye-websocket is a WebSocket implementation; it mainly provides a WebSocket server and client, among other things. A trust management issue vulnerability exists in faye-websocket versions prior to 0.11.0, which stems from the program failing to perform certificate checking during the TLS handshake. An...

CVSS 8.7, AI score 9.1, EPSS 0.00914
Exploits: 1, References: 1
Kitploit
added 2020/08/02 9:30 p.m., 86 views

DeimosC2 - A Golang Command And Control Framework For Post-Exploitation

DeimosC2 is a post-exploitation Command & Control (C2) tool that leverages multiple communication methods in order to control machines that have been compromised. DeimosC2 server and agents work on, and have been tested on, Windows, Darwin, and Linux. It is entirely written in Golang with a front e...

AI score 7.6
Exploits: 0, References: 11
OSV
added 2020/07/31 6:15 p.m., 3 views

DEBIAN-CVE-2020-15134

In Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL i...

CVSS 8.7, AI score 7.9, EPSS 0.00864
Exploits: 1, References: 1
NVD
added 2020/07/31 6:15 p.m., 20 views

CVE-2020-15134

In Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL i...

CVSS 8.7, AI score 8, EPSS 0.00864
Exploits: 1, References: 2
OSV
added 2020/07/31 6:15 p.m., 1 views

DEBIAN-CVE-2020-15133

In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The Faye::WebSocket::Client class uses the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not...

CVSS 8.7, AI score 7.9, EPSS 0.00914
Exploits: 1, References: 1
OSV
added 2020/07/31 6:15 p.m., 18 views

CVE-2020-15133

In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The Faye::WebSocket::Client class uses the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not...

CVSS 8.7, AI score 8.4
Exploits: 0, References: 2
OSV
added 2020/07/31 6:15 p.m., 3 views

UBUNTU-CVE-2020-15134

In Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL i...

CVSS 8.7, AI score 7.2, EPSS 0.00864
Exploits: 1, References: 5
UbuntuCve
added 2020/07/31 6:15 p.m., 13 views

CVE-2020-15133

In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The Faye::WebSocket::Client class uses the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not...

CVSS 8.7, AI score 7.2, EPSS 0.00914
Exploits: 1, References: 4
Prion
added 2020/07/31 6:15 p.m., 11 views

Information disclosure

In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The Faye::WebSocket::Client class uses the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not...

CVSS 5.8, AI score 8.3, EPSS 0.00914
Exploits: 1, References: 2, Affected Software: 1
UbuntuCve
added 2020/07/31 6:15 p.m., 31 views

CVE-2020-15134

In Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL i...

CVSS 8.7, AI score 7.2, EPSS 0.00864
Exploits: 1, References: 4
Prion
added 2020/07/31 6:15 p.m., 24 views

Design/Logic Flaw

In Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL i...

CVSS 6.4, AI score 8.3, EPSS 0.00864
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2020/07/31 5:40 p.m., 86 views

CVE-2020-15133

CVE-2020-15133 affects the faye-websocket library prior to 0.11.0. The issue is a lack of certificate verification in TLS handshakes: Faye::WebSocket::Client uses EM::Connection#start_tls for wss: connections and does not validate the server’s TLS certificate by default, enabling potential man-in...

CVSS 8.7, AI score 8, EPSS 0.00914
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2020/07/31 5:40 p.m., 16 views

CVE-2020-15133 Missing TLS certificate verification in Faye Websocket

In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The Faye::WebSocket::Client class uses the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not...

CVSS 8, AI score 8.4, EPSS 0.00914
Exploits: 1, References: 2