7863 matches found

Node.js
added 2015/10/17 7:41 p.m., 368 views

Multiple XSS Filter Bypasses

Overview Versions of validator prior to 1.1.0 are affected by several cross-site scripting vulnerabilities due to bypasses discovered in the denylist-based filter. Proof of Concept Various inputs that could bypass the filter were discovered: Improper parsing of nested tags: This is a test...

CVSS 4.3, AI score 0.7, EPSS 0.00566
Exploits: 0, Affected Software: 1

Node.js
added 2015/10/17 7:41 p.m., 49 views

Deserialization Code Execution

Overview Versions 2.0.4 and earlier of js-yaml are affected by a code execution vulnerability in the YAML deserializer. Proof of Concept const yaml = require'js-yaml'; const x = test: !!js/function function f console.log1; ; yaml.loadx; Recommendation Update js-yaml to version 2.0.5 or later, and...

CVSS 6.8, AI score 5.6, EPSS 0.64507
Exploits: 6, Affected Software: 1

OpenVAS
added 2015/09/18 12:0 a.m., 20 views

F5 BIG-IP - Node.js vulnerability CVE-2015-5380

The remote host is missing a security patch. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/h:f5:big-ip"; if description...

CVSS 7.5, AI score 8.2, EPSS 0.0062
Exploits: 0, References: 1

Tenable Nessus
added 2015/09/09 12:0 a.m., 42 views

F5 Networks BIG-IP : Node.js vulnerability (SOL17238)

The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a deni...

CVSS 7.5, AI score 7.9, EPSS 0.0062
Exploits: 0, References: 2

CNVD
added 2015/09/08 12:0 a.m., 2 views

Joyent Node.js Geddy Directory Traversal Vulnerability

Joyent Node.js is a platform from the US company Joyent for building web applications on top of the Google V8 JavaScript engine. Geddy is one of its front-end frameworks. A directory traversal vulnerability exists in the lib/app/index.js file in Joyent Node.js Geddy 13.0.7 and earlier...

CVSS 5, AI score 9.2, EPSS 0.81089
Exploits: 1, References: 1

F5 Networks
added 2015/09/08 12:0 a.m., 30 views

SOL17238 - Node.js vulnerability CVE-2015-5380

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVSS 7.5, AI score 1.7, EPSS 0.0062
Exploits: 0, References: 5

NVD
added 2015/09/04 3:59 p.m., 9 views

CVE-2015-5688

Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI...

CVSS 5, AI score 6.6, EPSS 0.81089
Exploits: 1, References: 5

Prion
added 2015/09/04 3:59 p.m., 17 views

Directory traversal

Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI...

CVSS 5, AI score 7.1, EPSS 0.81089
Exploits: 1, References: 5, Affected Software: 1

CVE
added 2015/09/04 3:0 p.m., 74 views

CVE-2015-5688

Geddy (Node.js framework) prior to version 13.0.8 contains a directory traversal vulnerability in lib/app/index.js that allows an attacker to read arbitrary files by supplying a URI PATH_INFO with a dot-dot-encoded slash (e.g., ..%2f). Exploitation targets the default URI and can read local files...

CVSS 5, AI score 9.1, EPSS 0.81089
Exploits: 1, References: 5, Affected Software: 1

Cvelist
added 2015/09/04 3:0 p.m., 17 views

CVE-2015-5688

Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI...

AI score 9.3, EPSS 0.81089
Exploits: 1, References: 5

RedHat Linux
added 2015/08/04 5:12 p.m., 54 views

Important: Red Hat Security Advisory: node.js security update

Updated node.js packages that fix one security issue are now available for Red Hat OpenShift Enterprise 2.1. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 4.3, AI score 6.6, EPSS 0.93538
Exploits: 5, References: 2

RedHat Linux
added 2015/08/04 5:12 p.m., 67 views

Important: Red Hat Security Advisory: node.js security update

Updated node.js packages that fix one security issue are now available for Red Hat OpenShift Enterprise 2.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 4.3, AI score 6.6, EPSS 0.93538
Exploits: 5, References: 2

OpenVAS
added 2015/08/04 12:0 a.m., 10 views

Node.js Detection (Windows SMB Login)

SMB login-based detection of Node.js SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only include"pluginfeedinfo.inc"; ifdescription...

AI score 7.3
Exploits: 0

OpenVAS
added 2015/08/04 12:0 a.m., 33 views

Node.js 'V8 utf-8 decoder' DoS Vulnerability - Windows

Node.js is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js";...

CVSS 7.5, AI score 9.2, EPSS 0.0062
Exploits: 0, References: 3

OpenVAS
added 2015/08/04 12:0 a.m., 27 views

io.js 'V8 utf-8 decoder' Denial Of Service Vulnerability - Windows

io.js is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:iojs:io.js"; ifdescripti...

CVSS 7.5, AI score 9.2, EPSS 0.0062
Exploits: 0, References: 3

NVD
added 2015/07/09 10:59 a.m., 13 views

CVE-2015-5380

The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a deni...

CVSS 7.5, AI score 7.2, EPSS 0.0062
Exploits: 0, References: 5

OSV
added 2015/07/09 10:59 a.m., 0 views

UBUNTU-CVE-2015-5380

The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a deni...

CVSS 7.5, AI score 7.2, EPSS 0.0062
Exploits: 0, References: 7

UbuntuCve
added 2015/07/09 10:59 a.m., 22 views

CVE-2015-5380

The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a deni...

CVSS 7.5, AI score 7.2, EPSS 0.0062
Exploits: 0, References: 6

Prion
added 2015/07/09 10:59 a.m., 14 views

Memory corruption

The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a deni...

CVSS 7.5, AI score 7.8, EPSS 0.0062
Exploits: 0, References: 5, Affected Software: 2

Debian CVE
added 2015/07/09 10:0 a.m., 16 views

CVE-2015-5380

The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a deni...

CVSS 7.5, AI score 6.8, EPSS 0.0062
Exploits: 0