Lucene search
K

676 matches found

Veracode
Veracode
added 2018/12/17 8:29 a.m.10 views

Memory Leak

react-native-video is vulnerable to memory leak. The vulnerability is possible because it does not properly handle the mp.selectTrack call to listen to timed meta data update...

6.7AI score
Exploits0
myhack58
myhack58
added 2018/11/13 12:0 a.m.522 views

How was I to find Donald Daters applications database vulnerabilities-vulnerability warning-the black bar safety net

Monday night as usual I watch TV to pass the time, but there is nothing interesting in the program. So I decided on the phone looking for fun, I started aimlessly on Twitter through various tweets, a Fox News push content caught my attention. ! Someone of Trump's supporters developed a...

7AI score
Exploits0
OSV
OSV
added 2018/07/31 10:47 p.m.19 views

GHSA-8HJ4-W233-G35Q Downloads Resources over HTTP in react-native-baidu-voice-synthesizer

Affected versions of react-native-baidu-voice-synthesizer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in...

9.3CVSS8.1AI score0.01752EPSS
Exploits0References3
CNVD
CNVD
added 2018/06/15 12:0 a.m.7 views

Unspecified vulnerability in react-native-meteor-oauth

react-native-meteor-oauth is a plugin for logging in to the Meteor server in React Native. A security vulnerability exists in react-native-meteor-oauth, which stems from the program's use of a weakly encrypted pseudo-random number generator to generate oauth random tokens Random Token. An attacke...

5.3CVSS5.7AI score0.0135EPSS
Exploits0References1
CNVD
CNVD
added 2018/06/15 12:0 a.m.5 views

react-native-baidu-voice-synthesizer code execution vulnerability

react-native-baidu-voice-synthesizer is a speech synthesizer for use in Node.js. A security vulnerability exists in react-native-baidu-voice-synthesizer, which originates when the program downloads a binary file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerabilit...

9.3CVSS8.1AI score0.01752EPSS
Exploits0References1
OSV
OSV
added 2018/06/04 7:29 p.m.5 views

CVE-2017-16028

react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG Math.random...

5.3CVSS5.8AI score0.0135EPSS
Exploits0References2
NVD
NVD
added 2018/06/04 7:29 p.m.29 views

CVE-2017-16028

react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG Math.random...

5.3CVSS7.2AI score0.0135EPSS
Exploits0References2
NVD
NVD
added 2018/06/04 7:29 p.m.16 views

CVE-2016-10697

react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native. react-native-baidu-voice-synthesizer downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources...

9.3CVSS8.3AI score0.01752EPSS
Exploits0References1
OSV
OSV
added 2018/06/04 7:29 p.m.19 views

CVE-2016-10697

react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native. react-native-baidu-voice-synthesizer downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources...

8.1CVSS8.6AI score
Exploits0References1
Prion
Prion
added 2018/06/04 7:29 p.m.16 views

Design/Logic Flaw

react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG Math.random...

5CVSS6.2AI score0.0135EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2018/06/04 7:29 p.m.10 views

Remote code execution

react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native. react-native-baidu-voice-synthesizer downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources...

9.3CVSS8AI score0.01752EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2018/06/04 7:0 p.m.44 views

CVE-2016-10697

The vulnerability CVE-2016-10697 affects react-native-baidu-voice-synthesizer, which downloads resources over HTTP. The underlying issue is unencrypted network requests, enabling MITM interception and potential remote code execution by substituting resources with attacker-controlled copies. Multi...

9.3CVSS8.2AI score0.01752EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/06/04 7:0 p.m.22 views

CVE-2016-10697

react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native. react-native-baidu-voice-synthesizer downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources...

8.3AI score0.01752EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/06/04 7:0 p.m.29 views

CVE-2017-16028

react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG Math.random...

6.2AI score0.0135EPSS
Exploits0References2
Veracode
Veracode
added 2017/04/17 3:5 a.m.18 views

Cryptographically Insecure Token Generation

react-native-meteor-oauth generates insecure tokens. These tokens are insecure because they are generated using the randomatic package which is not cryptographically secure. This makes it easier for attackers to brute force tokens...

5.3CVSS6.3AI score0.0135EPSS
Exploits0References2Affected Software2
Veracode
Veracode
added 2017/02/03 4:59 a.m.7 views

Cross-site Scripting (XSS) Via SendToBridge

react-native-webview-bridge is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of user input sanitization when a user can send a string through sendToBridge. The unsanitized string is then interpreted as JavaScript code, causing the webview to be affected ...

5.6AI score
Exploits0
Rows per page
Query Builder