Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-23 | CVE-2015-8854 | The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (ReDoS)." | 7.5 |
| 2017-01-23 | CVE-2015-8315 | Unspecified vulnerability in Vercel MS The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." | 7.5 |
| 2017-01-23 | CVE-2015-7743 | XXE vulnerability in Paessler Prtg Network Monitor XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file. | 6.5 |
| 2017-01-23 | CVE-2015-4626 | Numeric Errors vulnerability in Treasuryxpress C2Box B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, which allows remote attackers to "corrupt the business logic" via a negative value in an overdraft. | 7.5 |
| 2017-01-23 | CVE-2014-9772 | Cross-site Scripting vulnerability in Nodejs Node.Js The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters. | 6.1 |
| 2017-01-23 | CVE-2014-8362 | Improper Access Control vulnerability in Vivint SKY Control Panel Firmware 1.1.1.9926 Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable and disable the alarm system and modify other security settings via the Web-enabled interface. | 9.8 |
| 2017-01-23 | CVE-2013-7454 | Cross-site Scripting vulnerability in Nodejs Node.Js The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings. | 6.1 |
| 2017-01-23 | CVE-2013-7453 | Cross-site Scripting vulnerability in Nodejs Node.Js The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing. | 6.1 |
| 2017-01-23 | CVE-2013-7452 | Cross-site Scripting vulnerability in Nodejs Node.Js The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI. | 6.1 |
| 2017-01-23 | CVE-2013-7451 | Cross-site Scripting vulnerability in Nodejs Node.Js 1.0.4 The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag. | 6.1 |