NPM: ws: Uninitialized memory disclosure

NPM: ws: Uninitialized memory disclosure vulnerability discovered by ? in WordPress Npm ws versions = 8.0.0, 8.20.1...

org.webjars.npm:autobahn (=0.11.2), org.webjars.npm:blockly (>=9.3.2 <=10.4.1) +17 more potentially affected by CVE-2026-45736 via org.webjars.npm:ws (>=8.11.0 <=8.2.3)

org.webjars.npm:ws MAVEN version =8.11.0, =9.3.2, =6.2.1, =6.2.1, =0.19.11, =0.2.11, =21.1.1, =22.1.0 - org.webjars.npm:nestjsplatform-socket.io =9.0.0-next.2 and more Source cves: CVE-2026-45736 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16722636...

EUVD-2010-0812

Malware in sbrugna...

EUVD-2017-1890

Malware in sbrugna...

EUVD-2013-2361

Malware in sbrugna...

EUVD-2014-2459

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2016-10542

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ws is a simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455. By sending an overly lo...

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in ws-3.3.3.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of ws-3.3.3.tgz Vulnerability Details CVEID:CVE-2024-37890 DESCRIPTION: ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be...

0.edsql (>=1.0.49 <=1.0.50), 0xlib (=5.6.6) +7644 more potentially affected by CVE-2024-37890 via ws (>=7.0.0 <=7.5.1)

ws NPM version =7.0.0, =1.0.49, =1.0.0, =0.1.0, =0.0.12, =0.0.12, =0.1.0, =1.0.22, =3.10.1, =0.0.1, =0.0.6 and more Source cves: CVE-2024-37890 Source advisory: OSV:GHSA-3H5V-Q93C-6H6Q...

10secondsofcode-custom (=1.0.0), 1kohei1 (>=1.0.0 <=1.0.1) +2771 more potentially affected by CVE-2021-32640 via ws (>=7.0.0 <=7.4.5)

ws NPM version =7.0.0, =1.0.0, =0.0.12, =0.0.12, =3.10.1, =5.0.0, =1.14.2, =1.0.1, =0.1.13, =0.0.4, =1.0.2, =0.1.0, =1.0.0, =1.0.4 and more Source cves: CVE-2021-32640 Source advisory: OSV:GHSA-6FC8-4GX4-V693...

Information Disclosure

play-ws is vulnerable to information disclosure. The vulnerability exists through a regression caused by async-http-client that causes HTTP CONNECT requests set to an outbound HTTPS requests when using an authenticated proxy server...

02moduletest (=1.0.0), 10er10 (=0.23.0) +5716 more potentially affected by unknown CVE via ws (>=0.3.1 <=1.1.4)

ws NPM version =0.3.1, =0.0.1, =1.0.2, =0.0.1, =1.0.1, =0.1.0, =0.0.1, =0.0.15, =0.9.0, =0.0.1, =0.0.1, =0.1.2, =1.0.0-alpha1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-5V72-XG48-5RPM...

GHSA-2MHH-W6Q8-5HXW Remote Memory Disclosure in ws

Versions of ws prior to 1.0.1 are affected by a remote memory disclosure vulnerability. In certain rare circumstances, applications which allow users to control the arguments of a client.ping call will cause ws to send the contents of an allocated but non-zero-filled buffer to the server. This ma...

02moduletest (=1.0.0), 10er10 (=0.23.0) +3956 more potentially affected by CVE-2016-10518 via ws (>=0.3.1 <=1.0.0)

ws NPM version =0.3.1, =0.0.1, =0.1.0, =0.0.1, =0.9.0, =0.0.1, =0.0.1, =0.1.2, =1.0.1, =0.1.16, =0.1.59-master.20200611224542 - @baiducloud/sdk =1.0.1-beta.7 - @bananaroxana/appsexpress =1.0.0 - @bananaroxana/myfirstapp =1.0.0 and more Source cves: CVE-2016-10518 Source advisory:...

CVE-2017-10350

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAX-WS. Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protoco...

CVE-2014-2423

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458...

CVE-2014-0452

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423...