Export limit exceeded: 344941 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344941 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344941 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-16100 | 1 Dns-sync Project | 1 Dns-sync | 2024-11-21 | N/A |
| dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve() method then command injection is possible. | ||||
| CVE-2017-16099 | 1 No-case Project | 1 No-case | 2024-11-21 | 7.5 High |
| The no-case module is vulnerable to regular expression denial of service. When malicious untrusted user input is passed into no-case it can block the event loop causing a denial of service condition. | ||||
| CVE-2017-16098 | 1 Charset Project | 1 Charset | 2024-11-21 | N/A |
| charset 1.0.0 and below are vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2 seconds. Unless node was compiled using the -DHTTP_MAX_HEADER_SIZE= option the default header max length is 80kb, so the impact of the ReDoS is relatively low. | ||||
| CVE-2017-16097 | 1 Tiny-http Project | 1 Tiny-http | 2024-11-21 | N/A |
| tiny-http is a simple http server. tiny-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2017-16096 | 1 Serveryaozeyan Project | 1 Serveryaozeyan | 2024-11-21 | N/A |
| serveryaozeyan is a simple HTTP server. serveryaozeyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | ||||
| CVE-2017-16095 | 1 Serverliujiayi1 Project | 1 Serverliujiayi1 | 2024-11-21 | N/A |
| serverliujiayi1 is a simple http server. serverliujiayi1 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | ||||
| CVE-2017-16094 | 1 Iter-http Project | 1 Iter-http | 2024-11-21 | N/A |
| iter-http is a server for static files. iter-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2017-16093 | 1 Cyber-js Project | 1 Cyber-js | 2024-11-21 | N/A |
| cyber-js is a simple http server. A cyberjs server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2017-16092 | 1 Sencisho Project | 1 Sencisho | 2024-11-21 | N/A |
| Sencisho is a simple http server for local development. Sencisho is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | ||||
| CVE-2017-16091 | 1 Xtalk Project | 1 Xtalk | 2024-11-21 | N/A |
| xtalk helps your browser talk to nodex, a simple web framework. xtalk is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | ||||
| CVE-2017-16090 | 1 Fsk-server Project | 1 Fsk-server | 2024-11-21 | N/A |
| fsk-server is a simple http server. fsk-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2017-16089 | 1 Serverlyr Project | 1 Serverlyr | 2024-11-21 | N/A |
| serverlyr is a simple http server. serverlyr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | ||||
| CVE-2017-16088 | 1 Safe-eval Project | 1 Safe-eval | 2024-11-21 | N/A |
| The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox. | ||||
| CVE-2017-16086 | 1 Ua-parser Project | 1 Ua-parser | 2024-11-21 | N/A |
| ua-parser is a port of Browserscope's user agent parser. ua-parser is vulnerable to a ReDoS (Regular Expression Denial of Service) attack when given a specially crafted UserAgent header. | ||||
| CVE-2017-16085 | 1 Tinyserver2 Project | 1 Tinyserver2 | 2024-11-21 | N/A |
| tinyserver2 is a webserver for static files. tinyserver2 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | ||||
| CVE-2017-16084 | 1 List-n-stream Project | 1 List-n-stream | 2024-11-21 | N/A |
| list-n-stream is a server for static files to list and stream local videos. list-n-stream v0.0.10 or lower is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | ||||
| CVE-2017-16083 | 1 Node-simple-router | 1 Node-simple-router | 2024-11-21 | N/A |
| node-simple-router is a minimalistic router for Node. node-simple-router is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | ||||
| CVE-2017-16082 | 1 Node-postgres | 1 Pg | 2024-11-21 | N/A |
| A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1) Executing unsafe, user-supplied sql which contains a malicious column name. 2) Connecting to an untrusted database and executing a query which returns results where any of the column names are malicious. | ||||
| CVE-2017-16081 | 1 Cross-env.js Project | 1 Cross-env.js | 2024-11-21 | N/A |
| cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||||
| CVE-2017-16080 | 1 Nodesass Project | 1 Nodesass | 2024-11-21 | N/A |
| nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||||