654 matches found

OSV
added 2020/02/17 8:15 p.m. | 16 views

CVE-2019-10790

taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found...

CVSS 7.5 | AI score 7.5 | EPSS 0.0183
Exploits: 1 | References: 2
CNVD
added 2020/02/11 12:0 a.m. | 1 views

Lustre mdt module code issue vulnerability

Lustre is a parallel distributed file system typically used in large computer clusters and supercomputers, of which Lustre mdt is a module. A code issue vulnerability exists in the Lustre mdt module. The vulnerability stems from an improperly designed or implemented code development process for a...

CVSS 7.8 | AI score 7.2 | EPSS 0.02948
Exploits: 1 | References: 1
RedHat Linux
added 2020/01/23 4:50 p.m. | 4 views

Ansible: vulnerability in solaris_zone module via crafted solaris zone

A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the na...

CVSS 7.3 | AI score 7.3 | EPSS 0.00418
Exploits: 0 | References: 4
Cvelist
added 2019/12/17 2:4 p.m. | 30 views

CVE-2019-19714

Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered...

AI score 5.2 | EPSS 0.00819
Exploits: 0 | References: 2
CNVD
added 2019/07/11 12:0 a.m. | 1 views

Multiple Remote Command Execution Vulnerabilities in USR-LTE-7S4 V2

Jinan Arata Networking Technology Co., Ltd. is a technology company that makes serial networking modules. Multiple remote command execution vulnerabilities exist in the 4G module USR-LTE-7S4 V2 in Jinan Youjin Networking Technology Co. This allows an attacker to remotely execute commands...

AI score 7.5
Exploits: 0
OSV
added 2019/07/09 4:15 p.m. | 1 views

CVE-2019-11019

Lack of authentication in case-exporting components in DDRT Dashcom Live through 2019-05-08 allows anyone to remotely access all claim details by visiting easily guessable exportpdf/allclaimdetail.php?claimid= URLs...

CVSS 7.5 | AI score 7.1 | EPSS 0.01477
Exploits: 0 | References: 2
BDU FSTEC
added 2019/06/18 12:0 a.m. | 1 views

The vulnerability of the KMD module in Intel Graphics Driver allows a hacker to trigger a service failure.

The vulnerability of the KMD module in the Intel Graphics Driver lies in reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a system failure...

CVSS 5 | AI score 5.7 | EPSS 0.00343
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2019/06/15 3:40 p.m. | 264 views

CVE-2019-12816

CVE-2019-12816 affects ZNC (before 1.7.4-rc1). Vulnerability in Modules.cpp allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name. Impacted component: ZNC IRC bouncer; condition requires authentication but not admin p...

CVSS 8.8 | AI score 8.6 | EPSS 0.04127
Exploits: 0 | References: 11 | Affected Software: 1
Cvelist
added 2019/06/15 3:40 p.m. | 23 views

CVE-2019-12816

Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name...

AI score 8.7 | EPSS 0.04127
Exploits: 0 | References: 11
CNVD
added 2019/03/20 12:0 a.m. | 1 views

SQL Injection Vulnerability in the art***.php and con***.php Modules of iCMS

iCMS is an efficient and simple content management system built with PHP and MySQL. The art***.php and con***.php modules of iCMS have a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...

AI score 8
Exploits: 0
Drupal
added 2019/02/27 12:0 a.m. | 3 views

Context - Moderately critical - Cross site scripting - SA-CONTRIB-2019-028

This module enables you to manage contextual conditions and reactions for different portions of your site. The module doesn't sufficiently sanitize user output when displayed, leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker must hav...

AI score 5.4
Exploits: 0 | References: 8
Github Security Blog
added 2019/02/18 11:58 p.m. | 26 views

m-server Vulnerable to Directory Traversal

Path Traversal vulnerability in module m-server 1.4.1 allows malicious user to access unauthorized content of any file in the directory tree (e.g. /etc/passwd) by appending slashes to the URL request...

CVSS 6.5 | AI score 6.2 | EPSS 0.01333
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2019/02/07 6:15 p.m. | 12 views

GHSA-CXMJ-QJV6-VX9P mcstatic directory traversal vulnerability

A server directory traversal vulnerability was found on node module mcstatic =0.0.20 that would allow an attacker to access sensitive information in the file system by appending slashes in the URL path...

CVSS 7.5 | AI score 7.3 | EPSS 0.01821
Exploits: 0 | References: 3
CNVD
added 2018/06/20 12:0 a.m. | 4 views

string module denial of service vulnerability

The string module is a lightweight JavaScript library that provides additional String methods for Node.js. A security vulnerability exists in the string module. An attacker can exploit this vulnerability to cause a denial of service with the help of untrustworthy specially crafted input...

CVSS 7.5 | AI score 7.3 | EPSS 0.01659
Exploits: 1 | References: 1
RedhatCVE
added 2018/06/07 8:49 a.m. | 18 views

CVE-2017-16136

method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed...

CVSS 7.5 | AI score 2.5 | EPSS 0.01215
Exploits: 0 | References: 1
NVD
added 2018/06/07 2:29 a.m. | 17 views

CVE-2018-3722

merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects...

CVSS 8.8 | AI score 8.6 | EPSS 0.02036
Exploits: 1 | References: 2
NVD
added 2018/06/07 2:29 a.m. | 20 views

CVE-2018-3724

general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path...

CVSS 7.5 | AI score 7.4 | EPSS 0.01764
Exploits: 1 | References: 1
OSV
added 2018/06/07 2:29 a.m. | 5 views

AZL-44772 CVE-2017-16137 affecting package nodejs-nodemon 2.0.3-5

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue...

CVSS 5.3 | AI score 6.4 | EPSS 0.02798
Exploits: 0 | References: 1
OSV
added 2018/06/07 2:29 a.m. | 7 views

AZL-44892 CVE-2017-16119 affecting package nodejs-nodemon 2.0.3-5

Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...

CVSS 7.5 | AI score 7.1 | EPSS 0.01584
Exploits: 0 | References: 1
OSV
added 2018/06/07 2:29 a.m. | 8 views

CVE-2017-16082

A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1. Executing unsafe, user-supplied SQL which contains a malicious column name. 2...

CVSS 9.8 | AI score 9.6
Exploits: 0 | References: 2