| 268541 | 5.3 | MEDIUM | Network | call_project | call | call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call versions 2.0.1-3.0.1 that does not validate empty parameters, which could result in invalid input bypas… | CWE-20 Improper Input Validation | CVE-2016-10543 | 2024-11-21 11:44 | 2018-06-1 |
| 268542 | 7.5 | HIGH | Network | ws_project | ws | ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server… | CWE-20 Improper Input Validation | CVE-2016-10542 | 2024-11-21 11:44 | 2018-06-1 |
| 268543 | 9.8 | CRITICAL | Network | shell-quote_project | shell-quote | The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ">" and "<" operator used for redirection in shell. Applications that depend on shell-quote may also be vulnerable. A malicious … | CWE-94 Code Injection | CVE-2016-10541 | 2024-11-21 11:44 | 2018-06-1 |
| 268544 | 7.5 | HIGH | Network | minimatch_project | minimatch | Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)` in Minimatch 3.0.1 and earlier is … | CWE-20 Improper Input Validation | CVE-2016-10540 | 2024-11-21 11:44 | 2018-06-1 |
| 268545 | 7.5 | HIGH | Network | negotiator_project | negotiator | negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlie… | CWE-20 Improper Input Validation | CVE-2016-10539 | 2024-11-21 11:44 | 2018-06-1 |
| 268546 | 3.5 | LOW | Network | cli_project debian | cli debian_linux | The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to. | CWE-362 Race Condition | CVE-2016-10538 | 2024-11-21 11:44 | 2018-06-1 |
| 268547 | 5.4 | MEDIUM | Network | backbone_project | backbone | backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON. There exists a potential Cross Site… | CWE-79 Cross-site Scripting | CVE-2016-10537 | 2024-11-21 11:44 | 2018-06-1 |
| 268548 | 5.9 | MEDIUM | Network | socket | engine.io-client | engine.io-client is the client for engine.io, the implementation of a transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. The vulnerability is related to the … | CWE-295 Improper Certificate Validation | CVE-2016-10536 | 2024-11-21 11:44 | 2018-06-1 |
| 268549 | 5.9 | MEDIUM | Network | csrf-lite_project | csrf-lite | csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison. This ena… | CWE-310 Cryptographic Issues | CVE-2016-10535 | 2024-11-21 11:44 | 2018-06-1 |
| 268550 | 5.9 | MEDIUM | Network | electron-packager_project | electron-packager | electron-packager is a command line tool that packages Electron source code into `.app` and `.exe` packages, along with Electron. The `--strict-ssl` command line option in electron-packager >= 5.2.1 … | CWE-295 Improper Certificate Validation | CVE-2016-10534 | 2024-11-21 11:44 | 2018-06-1 |