Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

websockets project websockets vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv3
CVE-2018-1000518
aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be ex...
Websockets Project Websockets 4.0
5.9
CVSSv3
CVE-2021-33880
The aaugustin websockets library prior to 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.
Websockets Project WebsocketsOracle Communications Cloud Native Core Policy 1.14.0Oracle Communications Cloud Native Core Unified Data Repository 1.14.0Oracle Communications Cloud Native Core Service Communication Proxy 1.14.0Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.5.0
9.8
CVSSv3
CVE-2021-4236
Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handle...
Web Project Web
9.8
CVSSv3
CVE-2014-125071
A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected is the function messageReceived of the file src/gribbit/request/HttpRequestHandler.java. The manipulation leads to missing origin validation in websockets. The name of the patch is 620...
Gribbit Project Gribbit
7.5
CVSSv3
CVE-2022-21667
soketi is an open-source WebSockets server. There is an unhandled case when reading POST requests which results in the server crashing if it could not read the body of a request. In the event that a POST request is sent to any endpoint of the server with an empty body, even unaut...
Soketi Project Soketi
5.3
CVSSv3
CVE-2021-32640
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6 (https://github.com/websockets/ws/commit/00c425e...
Ws Project WsNetapp E-series Performance Analyzer -
5.6
CVSSv3
CVE-2017-5715
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Intel Atom C C2308Intel Atom C C2316Intel Atom C C2338Intel Atom C C2350Intel Atom C C2358Intel Atom C C2508Intel Atom C C2516Intel Atom C C2518Intel Atom C C2530Intel Atom C C2538Intel Atom C C2550Intel Atom C C2558Intel Atom C C2718Intel Atom C C2730Intel Atom C C2738Intel Atom C C2750Intel Atom C C2758Intel Atom C C3308Intel Atom C C3338Intel Atom C C3508Intel Atom C C3538Intel Atom C C3558
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925CVE-2023-41826LFICVE-2022-22364CVE-2024-2887command injectionremote code executionCVE-2024-34446CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook