Lucene search
+L

280 matches found

OSV
OSV
added 2023/02/20 10:15 a.m.13 views

CVE-2016-15025

A vulnerability, which was classified as problematic, was found in generator-hottowel 0.0.11. Affected is an unknown function of the file app/templates/src/server/app.js of the component 404 Error Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotel...

6.1CVSS6.1AI score
Exploits0References4
Prion
Prion
added 2023/02/20 10:15 a.m.14 views

Cross site scripting

A vulnerability, which was classified as problematic, was found in generator-hottowel 0.0.11. Affected is an unknown function of the file app/templates/src/server/app.js of the component 404 Error Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotel...

5.8CVSS6.5AI score0.0053EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2023/02/20 9:31 a.m.48 views

CVE-2016-15025

The CVE-2016-15025 entry concerns generator-hottowel 0.0.11. Affected is an unknown function in app/templates/src/server/_app.js (404 Error Handler). The issue allows cross-site scripting and can be exploited remotely. A patch named c17092fd4103143a9ddab93c8983ace8bf174396 is available; applying ...

6.1CVSS4.7AI score0.0053EPSS
Exploits0References4Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 4:12 a.m.5 views

SUSE CVE-2019-11390

An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with seterrorhandler at the beginning and nested repetition operators. NOT...

5.3CVSS5.6AI score0.01671EPSS
Exploits1References3
NVD
NVD
added 2022/11/08 10:15 p.m.61 views

CVE-2022-39386

@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1....

7.5CVSS0.00731EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2022/11/08 9:54 a.m.6 views

expat: integer overflow in the doProlog function

A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service...

7.5CVSS6.9AI score0.03992EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/11/08 12:0 a.m.5 views

CVE-2022-39386 fastify-websocket vulnerable to uncaught exception via crash on malformed packet

@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1....

7.5CVSS7.5AI score0.00731EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/11/08 12:0 a.m.65 views

CVE-2022-39386 fastify-websocket vulnerable to uncaught exception via crash on malformed packet

@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1....

7.5CVSS7.7AI score0.00731EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/11/07 9:13 p.m.27 views

fastify/websocket vulnerable to uncaught exception via crash on malformed packet

Impact Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. Patches This has been patched in v7.1.1 fastify v4 and v5.0.1 fastify v3. Workarounds No...

7.5CVSS7.2AI score0.00731EPSS
Exploits0References8Affected Software2
ATTACKERKB
ATTACKERKB
added 2022/10/06 8:15 p.m.3 views

CVE-2022-27810

It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. This condition was only possible to trigger in dev-mode when asserts were enabled. This issue affects Hermes versions prior to v0.12.0...

7.5CVSS7.1AI score0.00757EPSS
Exploits0References3
Prion
Prion
added 2022/10/06 8:15 p.m.17 views

Design/Logic Flaw

It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. This condition was only possible to trigger in dev-mode when asserts were enabled. This issue affects Hermes versions prior to v0.12.0...

5CVSS7.5AI score0.00757EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/10/06 12:0 a.m.7 views

Facebook Hermes 安全漏洞

Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client application apps, but not for server-side infrastructures such as browsers & Node.js. A security vulnerability exists in...

7.5CVSS7.3AI score0.00757EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/10/06 12:0 a.m.39 views

CVE-2022-27810

It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. This condition was only possible to trigger in dev-mode when asserts were enabled. This issue affects Hermes versions prior to v0.12.0...

7.7AI score0.00757EPSS
Exploits0References1
CVE
CVE
added 2022/10/06 12:0 a.m.54 views

CVE-2022-27810

CVE-2022-27810 affects the Hermes JavaScript engine prior to v0.12.0. The issue causes infinite recursion in the error handler when Hermes encounters certain malicious JavaScript, and is only triggerable in development mode (asserts enabled). Practical impact is a denial of service via a crash. A...

7.5CVSS7.4AI score0.00757EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2022/09/13 6:15 p.m.50 views

CVE-2022-36104

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads t...

7.5CVSS0.01362EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/09/13 12:0 a.m.5 views

PT-2022-23194 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.16 Description: The issue arises when requesting invalid or non-existing resources via HTTP, triggering the page error handler to retrieve content from another page, leading to recursive application calls that...

7.5CVSS7.3AI score0.01362EPSS
Exploits0References13
CNNVD
CNNVD
added 2022/09/13 12:0 a.m.4 views

TYPO3 安全漏洞

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 that stems from the fact that requesting an invalid or non-existent resource over HTTP triggers a page error handler that can retrieve the content...

7.5CVSS7.2AI score0.01362EPSS
Exploits0References5
OSV
OSV
added 2022/06/03 10:19 p.m.7 views

GHSA-P9P4-97G9-WCRH Dev error stack trace leaking into prod in Play Framework

Impact Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by configuring its DefaultHttpErrorHandler to do so based on the application mode. In its Scala API Play also provides a static object DefaultHttpErrorHandler...

5.9CVSS7AI score0.01233EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/13 1:20 a.m.21 views

Yii Framework reflected Cross-site Scripting

In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php...

7.5CVSS6.1AI score0.02859EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/02/27 3:24 a.m.15 views

GSD-2022-1000567 scsi: ufs: Fix a deadlock in the error handler

scsi: ufs: Fix a deadlock in the error handler This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.11 by commit...

7.2AI score
Exploits0
Rows per page
Query Builder