Lucene search
K

365 matches found

CVE
CVE
added 2019/12/05 6:55 p.m.145 views

CVE-2019-16769

The CVE-2019-16769 issue affects the npm package serialize-javascript prior to version 2.1.1, which is vulnerable to Cross-site Scripting (XSS) due to unsafe characters in serialized regular expressions. Node.js environments are not affected because RegExp.prototype.toString() escapes forward sla...

5.4CVSS4.9AI score0.00977EPSS
Exploits0References1Affected Software1
vulnersOsv
vulnersOsv
added 2019/12/05 6:44 p.m.6 views

1.1.0 (=1.0.0), 1c (>=6.2.0 <=8.17.2) +11732 more potentially affected by CVE-2019-16769 via serialize-javascript (>=1.0.0 <=2.1.0)

serialize-javascript NPM version =1.0.0, =6.2.0, =0.1.0, =0.0.1, =2.0.0, =0.1.0, =0.24.0, =0.1.4, =0.1.0, =1.0.0-beta.1, =1.0.4, =0.1.1, =0.1.99 and more Source cves: CVE-2019-16769 Source advisory: OSV:GHSA-H9RV-JMMF-4PGX...

5.4CVSS6.5AI score0.00977EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2019/12/05 6:44 p.m.275 views

Cross-Site Scripting in serialize-javascript

Versions of serialize-javascript prior to 2.1.1 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize serialized regular expressions. This vulnerability does not affect Node.js applications. Recommendation Upgrade to version 2.1.1 or later...

5.4CVSS3.7AI score0.00977EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2019/12/05 6:44 p.m.2 views

GHSA-H9RV-JMMF-4PGX Cross-Site Scripting in serialize-javascript

Versions of serialize-javascript prior to 2.1.1 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize serialized regular expressions. This vulnerability does not affect Node.js applications. Recommendation Upgrade to version 2.1.1 or later...

4.2CVSS7.2AI score0.00977EPSS
Exploits0References4
OSV
OSV
added 2019/11/19 3:15 p.m.2 views

UBUNTU-CVE-2016-1000006

hhvm before 3.12.11 has a use-after-free in the serializememoizeparam and ResourceBundle::construct functions...

9.8CVSS5.8AI score0.01568EPSS
Exploits0References3
OSV
OSV
added 2019/09/11 10:15 p.m.3 views

CVE-2019-16247

Delta DCISoft 1.21 has a User Mode Write AV starting at CommLib!CCommLib::SetSerializeData+0x000000000000001b...

7.8CVSS5.8AI score0.00433EPSS
Exploits1References1
OSV
OSV
added 2019/04/02 7:29 p.m.8 views

PYSEC-2019-166

The Serialize.deserialize method in CoAPthon3 1.0 and 1.0.1 mishandles certain exceptions, leading to a denial of service in applications that use this library e.g., the standard CoAP server, CoAP client, example collect CoAP server and client when they receive crafted CoAP messages...

7.5CVSS5.9AI score0.01446EPSS
Exploits1References2
Node.js
Node.js
added 2019/03/28 9:15 p.m.15 views

Denial of Service

Overview Versions of serialize-to-js prior to 2.0.0 are vulnerable to Denial of Service. User input is not properly validated, allowing attackers to provide inputs that lead the execution to loop indefinitely. Recommendation Upgrade to version 2.0.0 or later. References GitHub Advisory...

7AI score
Exploits0Affected Software1
ossfuzz
ossfuzz
added 2018/12/03 12:49 p.m.13 views

harfbuzz/hb-subset-fuzzer: Heap-buffer-overflow in CFF::CFF2VariationStore::serialize

Project: https://github.com/harfbuzz/harfbuzz.git Detailed report: https://oss-fuzz.com/testcase?key=5660711141769216 Project: harfbuzz Fuzzer: libFuzzerharfbuzzhb-subset-fuzzer Fuzz target binary: hb-subset-fuzzer Job Type: libfuzzerasanharfbuzz Platform Id: linux Crash Type: Heap-buffer-overflo...

6.8AI score
Exploits0Affected Software1
UbuntuCve
UbuntuCve
added 2018/11/20 9:29 p.m.46 views

CVE-2018-19395

ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service NULL pointer dereference and application crash because com and comsafearrayproxy return NULL in compropertiesget in ext/comdotnet/comhandlers.c, as demonstrated by a serialize call on...

7.5CVSS7.1AI score0.04327EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2018/07/18 6:27 p.m.5 views

@contrast/loopback-test-bench (=3.15.0), @contrast/test-bench-utils (>=2.7.0 <=3.38.0) +34 more potentially affected by CVE-2017-5941 via node-serialize (>=0.0.3 <=0.0.4)

node-serialize NPM version =0.0.3, =2.7.0, =1.1.0, =1.0.1, =1.0.0, =1.1.1, =1.0.0, =1.0.4, =1.0.0, =1.0.0, =0.0.1, =1.0.4 and more Source cves: CVE-2017-5941 Source advisory: OSV:GHSA-Q4V7-4RHW-9HQM...

9.8CVSS7.2AI score0.61025EPSS
Exploits5
Github Security Blog
Github Security Blog
added 2018/07/18 6:27 p.m.48 views

Code Execution through IIFE in node-serialize

Affected versions of node-serialize can be abused to execute arbitrary code via an immediately invoked function expression IIFE if untrusted user input is passed into unserialize. Recommendation There is no direct patch for this issue. The package author has reviewed this advisory, and provided t...

9.8CVSS5AI score0.61025EPSS
Exploits5References8Affected Software1
OSV
OSV
added 2018/07/18 6:27 p.m.3 views

GHSA-Q4V7-4RHW-9HQM Code Execution through IIFE in node-serialize

Affected versions of node-serialize can be abused to execute arbitrary code via an immediately invoked function expression IIFE if untrusted user input is passed into unserialize. Recommendation There is no direct patch for this issue. The package author has reviewed this advisory, and provided t...

9.8CVSS6.2AI score0.61025EPSS
Exploits5References8
vulnersOsv
vulnersOsv
added 2018/07/18 6:27 p.m.7 views

astronomia (>=1.3.1 <=1.3.2) potentially affected by CVE-2017-5954 via serialize-to-js (=0.5.0)

serialize-to-js NPM version =0.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on serialize-to-js and may be impacted: - astronomia =1.3.1, =1.3.2 Source cves: CVE-2017-5954 Source advisory: OSV:GHSA-MM62-WXC8-CF7M...

9.8CVSS7.2AI score0.04464EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2018/07/18 6:27 p.m.27 views

Code Execution Through IIFE in serialize-to-js

Affected versions of serialize-to-js may be vulnerable to arbitrary code execution through an Immediately Invoked Function Expression IIFE. Proof of Concept js var payload = "e: function eval'console.logexploited' " var serialize = require'serialize-to-js'; serialize.deserializepayload;...

9.8CVSS9.5AI score0.04464EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2018/07/18 6:27 p.m.23 views

GHSA-MM62-WXC8-CF7M Code Execution Through IIFE in serialize-to-js

Affected versions of serialize-to-js may be vulnerable to arbitrary code execution through an Immediately Invoked Function Expression IIFE. Proof of Concept js var payload = "e: function eval'console.logexploited' " var serialize = require'serialize-to-js'; serialize.deserializepayload;...

9.8CVSS9.8AI score0.04464EPSS
Exploits1References9
CNVD
CNVD
added 2018/04/02 12:0 a.m.4 views

PJSIP PJSUA2 SDK for Android Arbitrary Code Execution Vulnerability

PJSIP PJSUA2 SDK for Android is an Android-based software development kit that provides APIs for building Session Initiation Protocol SIP multimedia user agent applications. A security vulnerability exists in versions of the PJSIP PJSUA2 SDK for Android prior to SVN Changeset 51322. The...

9.8CVSS7.7AI score0.02052EPSS
Exploits0References1
NVD
NVD
added 2017/10/24 8:29 p.m.17 views

CVE-2017-15871

The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression "function" substring, as demonstrated by a "functionconsole.log" call or a simple infinite loop. NOTE: the vendor agrees that...

7.5CVSS7.3AI score0.01148EPSS
Exploits1References2
Prion
Prion
added 2017/10/24 8:29 p.m.15 views

Design/Logic Flaw

DISPUTED The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression "function" substring, as demonstrated by a "functionconsole.log" call or a simple infinite loop. NOTE: the vendor agree...

5CVSS7.2AI score0.01148EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2017/10/24 8:29 p.m.9 views

CVE-2017-15871

The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression "function" substring, as demonstrated by a "functionconsole.log" call or a simple infinite loop. NOTE: the vendor agrees that...

7.5CVSS6.8AI score0.01148EPSS
Exploits1References2
Rows per page
Query Builder