CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

43 matches found

OSV•added 2020/02/20 5:15 p.m.•2 views

DEBIAN-CVE-2015-4410

The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service worker resource consumption or perform a cross-site scripting XSS attack via a crafted string...

7.5CVSS6.9AI score0.01937EPSS

Exploits1References1

Prion•added 2020/02/20 5:15 p.m.•30 views

Design/Logic Flaw

The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service worker resource consumption via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410...

5CVSS7.2AI score0.0353EPSS

Exploits2References14Affected Software2

OSV•added 2020/02/20 5:15 p.m.•0 views

UBUNTU-CVE-2015-4410

7.5CVSS7.1AI score0.01937EPSS

Exploits1References5

Prion•added 2020/02/20 5:15 p.m.•16 views

Cross site scripting

5CVSS7.1AI score0.01937EPSS

Exploits1References10Affected Software1

Cvelist•added 2020/02/20 4:24 p.m.•21 views

CVE-2015-4410

7.1AI score0.01937EPSS

Exploits1References10

Cvelist•added 2020/02/20 4:24 p.m.•24 views

CVE-2015-4411

7.1AI score0.0353EPSS

Exploits1References14

Debian CVE•added 2020/02/20 4:24 p.m.•30 views

CVE-2015-4411

7.5CVSS7.2AI score0.0353EPSS

Exploits1

CNVD•added 2019/12/30 12:0 a.m.•2 views

BSON ObjectID Input Validation Error Vulnerability

BSON ObjectID is a module for creating and parsing ObjectIDs for use in Node.js. An input validation error vulnerability exists in BSON ObjectID version 1.3.0 for Node.js. The vulnerability stems from a network system or product that does not properly validate input data. An attacker could use th...

7.5CVSS6.7AI score0.00227EPSS

Exploits1References1

Veracode•added 2019/12/12 5:26 a.m.•15 views

Authorization Bypass

bson-objectid is vulnerable to authorization bypass. The vulnerability exists as it was possible to generate a malformed objectid through ObjectID by inserting an additional property in the user-input...

7.5CVSS2.8AI score0.00227EPSS

Exploits1References5Affected Software1

OSV•added 2019/12/11 8:15 p.m.•3 views

CVE-2019-19729

An issue was discovered in the BSON ObjectID aka bson-objectid package 1.3.0 for Node.js. ObjectID allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects bsontype==ObjectID in the user-input...

7.5CVSS7.2AI score0.00227EPSS

Exploits1References2

NVD•added 2019/12/11 8:15 p.m.•10 views

CVE-2019-19729

7.5CVSS7.6AI score0.00227EPSS

Exploits1References2

Prion•added 2019/12/11 8:15 p.m.•17 views

Input validation

5CVSS7.6AI score0.00227EPSS

Exploits1References2Affected Software1

CVE•added 2019/12/11 7:56 p.m.•58 views

CVE-2019-19729

CVE-2019-19729 affects the BSON ObjectID package for Node.js (v1.3.0). The issue arises when ObjectID() accepts user input with an extra property, causing the module to return early if it detects _bsontype==ObjectID, which can allow objects in arbitrary forms to bypass formatting if they include ...

7.5CVSS7.5AI score0.00227EPSS

Exploits1References2Affected Software1

Cvelist•added 2019/12/11 7:56 p.m.•11 views

CVE-2019-19729

7.6AI score0.00227EPSS

Exploits1References2

OSV•added 2018/05/10 1:29 p.m.•2 views

CVE-2018-8914

SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter...

9.8CVSS6.1AI score0.00323EPSS

Exploits0References1

Cvelist•added 2018/05/10 1:0 p.m.•13 views

CVE-2018-8914

SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter...

7.3CVSS10AI score0.00323EPSS

Exploits0References1