7865 matches found
CVE-2015-8859
The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors...
CVE-2015-8854
The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service CPU consumption via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service ReDoS."...
CVE-2015-8858
The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service CPU consumption via crafted input in a parse call, aka a "regular expression denial of service ReDoS."...
UBUNTU-CVE-2015-8856
Cross-site scripting XSS vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name...
DEBIAN-CVE-2015-8861
The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting XSS attacks by leveraging a template with an attribute that is not quoted...
CVE-2015-8857
The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript...
CVE-2015-8861
The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting XSS attacks by leveraging a template with an attribute that is not quoted...
CVE-2015-8862
mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting XSS attacks by leveraging a template with an attribute that is not quoted...
CVE-2015-8859
The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors...
CVE-2013-7452
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via a crafted javascript URI...
CVE-2015-8857
The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript...
CVE-2015-8855
The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service CPU consumption via a long version string, aka a "regular expression denial of service ReDoS."...
CVE-2015-8855
The CVE-2015-8855 entry concerns the semver package for Node.js, where versions before 4.3.2 are vulnerable to a regular expression denial of service (ReDoS) via an excessively long version string. Root cause: an error in the regular expression implementation within semver. Impact: potential CPU ...
CVE-2015-8315
The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service CPU consumption via a long version string, aka a "regular expression denial of service ReDoS."...
CVE-2015-8860
The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive...
CVE-2013-7453
Removed by vendor...
CVE-2013-7451
Removed by vendor...
CVE-2013-7451
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag...
CVE-2015-8854
The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service CPU consumption via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service ReDoS."...
CVE-2015-8861
The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting XSS attacks by leveraging a template with an attribute that is not quoted...