|
266651
|
5.3 |
MEDIUM
Network
|
send_project
|
send
|
The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2015-8859
|
2024-11-21 11:39 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266652
|
7.5 |
HIGH
Network
|
uglifyjs_project
|
uglifyjs
|
The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)."
|
CWE-399
Resource Management Errors
|
CVE-2015-8858
|
2024-11-21 11:39 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266653
|
9.8 |
CRITICAL
Network
|
uglifyjs_project
|
uglifyjs
|
The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possi…
|
CWE-254
7PK - Security Features
|
CVE-2015-8857
|
2024-11-21 11:39 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266654
|
6.1 |
MEDIUM
Network
|
openjsf
|
serve-index
|
Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name.
|
CWE-79
Cross-site Scripting
|
CVE-2015-8856
|
2024-11-21 11:39 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266655
|
7.5 |
HIGH
Network
|
nodejs
|
node.js
|
The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."
|
CWE-399
Resource Management Errors
|
CVE-2015-8855
|
2024-11-21 11:39 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266656
|
7.5 |
HIGH
Network
|
marked_project
fedoraproject
|
marked
fedora
|
The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline r…
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2015-8854
|
2024-11-21 11:39 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266657
|
5.5 |
MEDIUM
Local
|
qemu
|
qemu
|
The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service …
|
NVD-CWE-noinfo
|
CVE-2015-8818
|
2024-11-21 11:39 |
2016-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266658
|
5.5 |
MEDIUM
Local
|
qemu
|
qemu
|
QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write cal…
|
CWE-125
CWE-787
Out-of-bounds Read
Out-of-bounds Write
|
CVE-2015-8817
|
2024-11-21 11:39 |
2016-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266659
|
5.5 |
MEDIUM
Local
|
qemu
debian
|
qemu
debian_linux
|
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It could occur while reading Interrupt Mask Registers (IMR). A privileged (CAP_SYS…
|
CWE-617
Reachable Assertion
|
CVE-2015-8745
|
2024-11-21 11:39 |
2016-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266660
|
5.5 |
MEDIUM
Local
|
qemu
debian
|
qemu
debian_linux
|
QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged …
|
CWE-20
Improper Input Validation
|
CVE-2015-8744
|
2024-11-21 11:39 |
2016-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
