4346 matches found
CVE-2024-34712
Oceanic is a NodeJS library for interfacing with Discord. Prior to version 1.10.4, input to functions such as Client.rest.channels.removeBan is not url-encoded, resulting in specially crafted input such as ../../../channels/id being normalized into the url /api/v10/channels/id, and deleting a...
AZL-44020 CVE-2024-4068 affecting package nodejs-nodemon 2.0.3-4
The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating...
UBUNTU-CVE-2024-4068
The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating...
CVE-2024-34712
Oceanic (NodeJS) vulnerability CVE-2024-34712 affects versions prior to 1.10.4. Input to functions like Client.rest.channels.removeBan is not URL-encoded, allowing crafted input such as ../../../channels/{id} to be normalized into /api/v10/channels/{id}, potentially causing unintended channel act...
CVE-2024-34712 Oceanic allows unsanitized user input to lead to path traversal in URLs
Oceanic is a NodeJS library for interfacing with Discord. Prior to version 1.10.4, input to functions such as Client.rest.channels.removeBan is not url-encoded, resulting in specially crafted input such as ../../../channels/id being normalized into the url /api/v10/channels/id, and deleting a...
CVE-2024-34712 Oceanic allows unsanitized user input to lead to path traversal in URLs
Oceanic is a NodeJS library for interfacing with Discord. Prior to version 1.10.4, input to functions such as Client.rest.channels.removeBan is not url-encoded, resulting in specially crafted input such as ../../../channels/id being normalized into the url /api/v10/channels/id, and deleting a...
CVE-2024-34712 Oceanic allows unsanitized user input to lead to path traversal in URLs
Oceanic is a NodeJS library for interfacing with Discord. Prior to version 1.10.4, input to functions such as Client.rest.channels.removeBan is not url-encoded, resulting in specially crafted input such as ../../../channels/id being normalized into the url /api/v10/channels/id, and deleting a...
Exploit for Cross-site Scripting in Litespeedtech Litespeed_Cache
LiteSpeed Cache XSS PoC PoC for XSS vulnerability in the Lite...
RHEL 8 : nodejs-http-signature (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-http-signature: HTTP header forgery CVE-2017-16005 Note that Nessus has not tested for this issue but has...
RHEL 8 : nodejs-path-parse (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe CVE-2021-23343 Note that Nessus has not...
RHEL 8 : nodejs-mime (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-mime: Regular expression Denial of Service CVE-2017-16138 Note that Nessus has not tested for this issue but...
RHEL 8 : nodejs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs: Unitialized buffer due to incorrect encoding CVE-2017-15897 - nodejs: integrity checks according ...
RHEL 7 : nodejs-minimatch (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-minimatch: ReDoS via the braceExpand function CVE-2022-3517 Note that Nessus has not tested for this issue b...
RHEL 6 : nodejs-handlebars (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true opti...
RHEL 8 : nodejs-css-what (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-css-what: does not ensure that attribute parsing has linear time complexity relative to the size of the inpu...
RHEL 8 : nodejs-bootstrap-select (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-bootstrap-select: not escaping title values on may lead to XSS CVE-2019-20921 Note that Nessus has not teste...
RHEL 8 : nodejs-ssri (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-ssri: Regular expression DoS ReDoS when parsing malicious SRI in strict mode CVE-2021-27290 Note that Nessus...
RHEL 7 : nodejs-semver (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-semver: Regular expression denial of service CVE-2022-25883 Note that Nessus has not tested for this issue b...
RHEL 8 : nodejs-postcss (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-postcss: Regular expression denial of service during source map parsing CVE-2021-23368 Note that Nessus has...
RHEL 8 : nodejs-set-value (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-set-value: prototype pollution in function set-value CVE-2019-10747 Note that Nessus has not tested for this...