|
269301
|
7.5 |
HIGH
Network
|
minimatch_project
|
minimatch
|
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)`, in Minimatch 3.0.1 and earlier is …
|
CWE-20
Improper Input Validation
|
CVE-2016-10540
|
2024-11-21 11:44 |
2018-06-1 |
|
|
|
|
269302
|
7.5 |
HIGH
Network
|
negotiator_project
|
negotiator
|
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlie…
|
CWE-20
Improper Input Validation
|
CVE-2016-10539
|
2024-11-21 11:44 |
2018-06-1 |
|
|
|
|
269303
|
3.5 |
LOW
Network
|
cli_project debian
|
cli debian_linux
|
The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.
|
CWE-362
Race Condition
|
CVE-2016-10538
|
2024-11-21 11:44 |
2018-06-1 |
|
|
|
|
269304
|
5.4 |
MEDIUM
Network
|
backbone_project
|
backbone
|
backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON. There exists a potential Cross Site…
|
CWE-79
Cross-site Scripting
|
CVE-2016-10537
|
2024-11-21 11:44 |
2018-06-1 |
|
|
|
|
269305
|
5.9 |
MEDIUM
Network
|
socket
|
engine.io-client
|
engine.io-client is the client for engine.io, the implementation of a transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. The vulnerability is related to the …
|
CWE-295
Improper Certificate Validation
|
CVE-2016-10536
|
2024-11-21 11:44 |
2018-06-1 |
|
|
|
|
269306
|
5.9 |
MEDIUM
Network
|
csrf-lite_project
|
csrf-lite
|
csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison. This ena…
|
CWE-310
Cryptographic Issues
|
CVE-2016-10535
|
2024-11-21 11:44 |
2018-06-1 |
|
|
|
|
269307
|
5.9 |
MEDIUM
Network
|
electron-packager_project
|
electron-packager
|
electron-packager is a command line tool that packages Electron source code into `.app` and `.exe` packages, along with Electron. The `--strict-ssl` command line option in electron-packager >= 5.2.1 …
|
CWE-295
Improper Certificate Validation
|
CVE-2016-10534
|
2024-11-21 11:44 |
2018-06-1 |
|
|
|
|
269308
|
6.1 |
MEDIUM
Network
|
marked_project
|
marked
|
marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it's possible to bypass marked's content i…
|
CWE-79
Cross-site Scripting
|
CVE-2016-10531
|
2024-11-21 11:44 |
2018-06-1 |
|
|
|
|
269309
|
5.9 |
MEDIUM
Network
|
airbrake
|
airbrake
|
The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often contain secret keys and other sensitive values. A malicious user could…
|
CWE-310 CWE-200
Cryptographic Issues Information Exposure
|
CVE-2016-10530
|
2024-11-21 11:44 |
2018-06-1 |
|
|
|
|
269310
|
8.8 |
HIGH
Network
|
droppy_project
|
droppy
|
Droppy versions <3.5.0 do not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the current…
|
CWE-352
Origin Validation Error
|
CVE-2016-10529
|
2024-11-21 11:44 |
2018-06-1 |
|
|
|