|
266011
|
8.6 |
HIGH
Network
|
grunt-gh-pages_project
|
grunt-gh-pages
|
A common setup to deploy to gh-pages on every commit via a CI system is to expose a GitHub token to ENV and to use it directly in the auth part of the URL. In module versions < 0.9.1 the auth portion…
|
CWE-255 CWE-532
Credentials Management; Inclusion of Sensitive Information in Log Files
|
CVE-2016-10526
|
2024-11-21 11:44 |
2018-06-1 |
|
266012
|
8.2 |
HIGH
Network
|
i18n-node-angular_project
|
i18n-node-angular
|
i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2016-10524
|
2024-11-21 11:44 |
2018-06-1 |
|
266013
|
7.5 |
HIGH
Network
|
mqtt-packet_project
|
mqtt-packet
|
MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted MQTT packets to crash the application, making a DoS attack feasible with very little bandwidth.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-10523
|
2024-11-21 11:44 |
2018-06-1 |
|
266014
|
7.5 |
HIGH
Network
|
jshamcrest_project
|
jshamcrest
|
jshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in to the emailAddress validator.
|
CWE-20
Improper Input Validation
|
CVE-2016-10521
|
2024-11-21 11:44 |
2018-06-1 |
|
266015
|
7.5 |
HIGH
Network
|
jadedown_project
|
jadedown
|
jadedown is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in.
|
CWE-20
Improper Input Validation
|
CVE-2016-10520
|
2024-11-21 11:44 |
2018-06-1 |
|
266016
|
7.5 |
HIGH
Network
|
webtorrent
|
bittorrent-dht
|
A security issue was found in bittorrent-dht before 5.1.3 that allows someone to send a specific series of messages to a listening peer and get it to reveal internal memory.
|
CWE-200
Information Exposure
|
CVE-2016-10519
|
2024-11-21 11:44 |
2018-06-1 |
|
266017
|
7.5 |
HIGH
Network
|
ws_project
|
ws
|
A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a p…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-10518
|
2024-11-21 11:44 |
2018-06-1 |
|
266018
|
8.1 |
HIGH
Network
|
mystem-fix_project
|
mystem-fix
|
mystem-fix is a node.js wrapper for the MyStem morphology text analyzer by Yandex.ru. mystem-fix downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cau…
|
CWE-310
Cryptographic Issues
|
CVE-2016-10698
|
2024-11-21 11:44 |
2018-05-30 |
|
266019
|
8.1 |
HIGH
Network
|
massif_project
|
massif
|
massif is a Phantomjs fork. massif downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested reso…
|
CWE-310
Cryptographic Issues
|
CVE-2016-10682
|
2024-11-21 11:44 |
2018-05-30 |
|
266020
|
8.1 |
HIGH
Network
|
robotwebtools
|
roslibjs
|
roslib-socketio is a fork of the standard ROS Javascript Library that adds support for socket.io. roslib-socketio downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be pos…
|
CWE-310
Cryptographic Issues
|
CVE-2016-10681
|
2024-11-21 11:44 |
2018-05-30 |