Rosetta-Flash JSONP Vulnerability
Overview: This description is taken from the pull request provided by Patrick Kettner. Versions 6.1.0 and earlier of hapi are vulnerable to a Rosetta Flash attack, which attackers can use to send data across domains and break the browser same-origin policy. Recommendation: Update hapi to...
CVE-2014-7205
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary JavaScript code via unspecified vectors...
Design/Logic Flaw
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary JavaScript code via unspecified vectors...
CVE-2014-7205
The Bassmaster Node.js plugin for the Hapi server contains CVE-2014-7205: an eval-based injection in the internals.batch function (lib/batch.js) before version 1.5.2, enabling remote arbitrary JavaScript execution. Documents show affected version range is bassmaster
PT-2014-1372 · Adobe +4 · Flash Player +6
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions prior to 13.0.0.231; Adobe Flash Player versions 14.x prior to 14.0.0.145; Adobe AIR versions prior to 14.0.0.137; Adobe AIR SDK versions prior to 14.0.0.137; Adobe AIR SDK & Compiler versions prior to 14.0.0.137; hapi...
CVE-2014-3742
The hapi server framework 2.0.x and 2.1.x before 2.2.0 for Node.js allows remote attackers to cause a denial of service (file descriptor consumption and process crash) via unspecified vectors...
Hardcoded credentials
The hapi server framework 2.0.x and 2.1.x before 2.2.0 for Node.js allows remote attackers to cause a denial of service (file descriptor consumption and process crash) via unspecified vectors...
CVE-2014-3742
The CVE-2014-3742 entry applies to the hapi server framework for Node.js, affecting versions 2.0.x and 2.1.x prior to 2.2.0. The vulnerability is a denial-of-service caused by a file descriptor leak that can exhaust descriptors and crash the process. Connected advisories confirm this DoS vector a...
CVE-2020-35465
CVE-2020-35465 is rejected and not a security issue; this entry is not in active use.