Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-01-23 | CVE-2015-8972 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Chess | Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large input, as demonstrated when in UCI mode. | network | low complexity | gnu | CWE-119 | critical 9.8 |
| 2017-01-23 | CVE-2015-8971 | Command Injection vulnerability in multiple products | Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063. | local | low complexity | debian enlightenment | CWE-77 | 7.8 |
| 2017-01-23 | CVE-2015-8862 | Cross-site Scripting vulnerability in Mustache.Js Project Mustache.Js | mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted. | network | low complexity | mustache-js-project | CWE-79 | 6.1 |
| 2017-01-23 | CVE-2015-8861 | Cross-site Scripting vulnerability in Handlebars.Js Project Handlebars.Js | The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted. | network | low complexity | handlebars-js-project | CWE-79 | 6.1 |
| 2017-01-23 | CVE-2015-8860 | Link Following vulnerability in Nodejs Node.Js | The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive. | network | low complexity | nodejs | CWE-59 | 7.5 |
| 2017-01-23 | CVE-2015-8859 | Unspecified vulnerability in Send Project Send | The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors. | network | low complexity | send-project | | 5.3 |
| 2017-01-23 | CVE-2015-8858 | Resource Management Errors vulnerability in Uglifyjs Project Uglifyjs | The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)." | network | low complexity | uglifyjs-project | CWE-399 | 7.5 |
| 2017-01-23 | CVE-2015-8857 | 7PK - Security Features vulnerability in Uglifyjs Project Uglifyjs | The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript. | network | low complexity | uglifyjs-project | CWE-254 | critical 9.8 |
| 2017-01-23 | CVE-2015-8856 | Cross-site Scripting vulnerability in Openjsf Serve-Index | Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name. | network | low complexity | openjsf | CWE-79 | 6.1 |
| 2017-01-23 | CVE-2015-8855 | Resource Management Errors vulnerability in Nodejs Node.Js | The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." | network | low complexity | nodejs | CWE-399 | 7.5 |