| Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2013-7377 | 6.8 |
The codem-transcode module before 0.5.0 for Node.js, when ffprobe is enabled, allows remote attackers to execute arbitrary commands via a POST request to /probe.
|
21-11-2017 - 18:21 | 23-10-2017 - 18:29 | |
| CVE-2014-3741 | 7.5 |
The printDirect function in lib/printer.js in the node-printer module 0.0.1 and earlier for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in the lpr command.
|
21-11-2017 - 18:21 | 23-10-2017 - 18:29 | |
| CVE-2014-3744 | 5.0 |
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.
|
15-11-2017 - 21:44 | 23-10-2017 - 18:29 | |
| CVE-2014-3742 | 5.0 |
The hapi server framework 2.0.x and 2.1.x before 2.2.0 for Node.js allows remote attackers to cause a denial of service (file descriptor consumption and process crash) via unspecified vectors.
|
19-05-2014 - 15:22 | 16-05-2014 - 15:55 | |
| CVE-2013-7379 | 6.8 |
The admin API in the tomato module before 0.0.6 for Node.js does not properly check the access key when it is set to a string, which allows remote attackers to bypass authentication via a string in the access-key header that partially matches config.
|
16-05-2014 - 17:55 | 16-05-2014 - 15:55 |