Joyent Node.js is-my-json-valid denial of service vulnerability
Denial of Service
Joyent Node.js is a network application platform built on the Google V8 JavaScript engine by the American company Joyent. is-my-json-valid is a JSON Schema (a format for describing JSON data) validation package. is-my-json-valid before 2.12.4 has a security vulnerability caused by the program's incorrect handling of a regular expression (the utc-millisec format). A remote attacker can use a specially crafted string to cause a denial of service (blocking the event loop).
Hawk Denial of Service Vulnerability
Resource management error
Hawk is an HTTP authentication scheme that uses a message authentication code (MAC) algorithm to provide encryption and verification of local HTTP requests. There is a security vulnerability in Hawk before 3.1.3 and 4.x before 4.1.1. Remote attackers can use this vulnerability to cause a denial of service (CPU consumption or partial interruption) via a long header or URI.
Android Mediaserver security vulnerability
Integer overflow or wrapping
Android is an open source operating system based on Linux jointly developed by Google and the Open Handset Alliance (OHA). Mediaserver is one of the multimedia service components. The Mediaserver in Google Android has a remote code execution vulnerability. An attacker can use a specially crafted file to cause memory corruption. The following versions are affected: Google Android 6.0.1, 5.1.1, 5.0.2, 7.1.1, 7.0 and 6.0.
Joyent Node.js tar link following vulnerability
Improper link resolution before file access (link following)
Joyent Node.js is a network application platform built on the Google V8 JavaScript engine by the American company Joyent. tar is a tar archive module in npm (the Node.js package management and distribution tool). There is a security vulnerability in tar 1.8.4 and earlier versions for Joyent Node.js. Remote attackers can use this vulnerability to write arbitrary files.
Joyent Node.js handlebars cross-site scripting vulnerability
XSS
Joyent Node.js is a network application platform built on the Google V8 JavaScript engine by the American company Joyent. Handlebars is a JavaScript semantic template library that can quickly build Web templates by separating views and data. There is a cross-site scripting vulnerability in handlebars 3.0.3 and earlier for Joyent Node.js. A remote attacker can use this vulnerability to execute arbitrary web script or HTML via a template with unquoted attributes.
Google protobuf buffer error vulnerability
Write out of bounds
Google protobuf is a data interchange format from Google (United States). There is a buffer error vulnerability in Google protobuf. Remote attackers can use this vulnerability to execute code.
Joyent Node.js tough-cookie module security vulnerability
Denial of Service
Joyent Node.js is a network application platform built on the Google V8 JavaScript engine by the American company Joyent. The tough-cookie module is one of its cookie modules. There is a denial of service vulnerability in the Joyent Node.js tough-cookie module before 2.3.3. An attacker can use this vulnerability to cause a denial of service (consuming a large amount of CPU) by sending HTTP requests with malicious cookies.
Ecstatic npm package security vulnerability
Denial of Service
The ecstatic npm package is a static file server middleware. There is a denial of service vulnerability in the lib/ecstatic.js file in the ecstatic npm package before 2.0.0. Remote attackers can use this vulnerability to cause a denial of service (overload and crash) by passing maliciously crafted strings.
Web framework qs module input verification vulnerability
Improper input validation
A web framework is a framework used to support the development of dynamic websites, web applications and web services. The qs module is a query string parsing module used by developers when building web frameworks. The qs module in the web framework has a denial of service vulnerability. Because qs does not adequately filter user input, an attacker can use `__proto__` to overwrite existing prototype properties of the object, such as toString(), hasOwnProperty(), etc., thereby causing the web framework that uses the qs module to crash, leading to a denial of service.
adm-zip npm library path traversal vulnerability
Path traversal
The adm-zip npm library is a JavaScript implementation based on Node.js that allows users to create and extract zip files in memory or on disk. A directory traversal vulnerability exists in the adm-zip npm library before 0.4.9. An attacker can use this vulnerability to write arbitrary files via a specially crafted zip archive file with a directory traversal name.
url-parse security vulnerability
SSRF
url-parse is a small URL parser that works across Node.js and browser environments. There is a security vulnerability in url-parse before 1.4.3. The vulnerability is due to the program's failure to parse correctly, resulting in the return of incorrect host names. Remote attackers can use this vulnerability to carry out server-side request forgery attacks, open redirection attacks, or bypass authentication protocols.
brace-expansion security vulnerability
Denial of Service
brace-expansion is a tool that can generate arbitrary strings. The index.js file in brace-expansion before 1.1.7 has a denial of service vulnerability. An attacker can use this vulnerability to cause a denial of service.
webpack-dev-server information disclosure vulnerability
Unauthorized disclosure of sensitive information
webpack-dev-server is a development server mainly used for testing. The lib/Server.js file in webpack-dev-server before 3.1.6 has a security vulnerability, which is due to the program's failure to check the Origin field in the request header. An attacker can use this vulnerability to receive HMR messages sent by the WebSocket server by connecting to ws://127.0.0.1:8080/ from any origin.
Merge package denial of service vulnerability
Denial of Service
The merge package is a software package used to merge multiple objects into one. The merge.recursive function in the merge package before 1.2 has a security vulnerability. An attacker can use this vulnerability to cause a denial of service.
LibSass denial of service vulnerability
Null pointer dereference
LibSass is the C/C++ port of the Sass engine. There is a null pointer dereference vulnerability in the Sass::Selector_List::populate_extends function in SharedPtr.hpp in LibSass 3.5.5. An attacker can use this vulnerability to cause a denial of service (application crash) via a specially crafted sass input file.
LibSass denial of service vulnerability
UAF
LibSass is an open source Sass (CSS extension language) parser written in C. The SharedPtr class in the SharedPtr.cpp file (or SharedPtr.hpp file) in LibSass 3.5.5 has a use-after-free vulnerability. An attacker can use this vulnerability to cause a denial of service (application crash).
LibSass resource management error vulnerability
Denial of Service
LibSass is an open source Sass (CSS extension language) parser written in C. The Sass::Eval::operator() function in the eval.cpp file in LibSass before 3.5.5 has a security vulnerability, which is due to the program's failure to properly parse the % character. An attacker can use this vulnerability to cause a denial of service (stack corruption) via a specially crafted sass file.
LibSass resource management error vulnerability
Denial of Service
LibSass is an open source Sass (CSS extension language) parser written in C. Multiple functions in the ast.cpp file in LibSass before 3.5.5 contain security vulnerabilities. An attacker can use this vulnerability to cause a denial of service (stack corruption) via a specially crafted sass file.
LibSass denial of service vulnerability
Read out of bounds
LibSass is an open source Sass (CSS extension language) parser written in C. The handle_error function in the sass_context.cpp file in LibSass before 3.5.5 has a security vulnerability. An attacker can use a specially crafted sass file to cause a denial of service.
LibSass denial of service vulnerability
Null pointer dereference
LibSass is the C/C++ implementation of the Sass compiler. There is a null pointer dereference vulnerability in the Sass::Eval::operator() function in eval.cpp in LibSass 3.5.5. An attacker can use this vulnerability to cause a denial of service (application crash) via a specially crafted sass input file.