project 2016 vulnerabilities and exploits
5
CVSSv2
CVE-2016-10250
The jp2_colr_destroy function in jp2_cod.c in JasPer prior to 1.900.13 allows remote malicious users to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error. NOTE: this vulnerability exists because of an incomplete fix for ...
Jasper Project Jasper
4.6
CVSSv2
CVE-2016-10369
unixsocket.c in lxterminal up to and including 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
Lxterminal Project Lxterminal
7.5
CVSSv2
CVE-2016-10375
Yodl prior to 3.07.01 has a Buffer Over-read in the queue_push function in queue/queuepush.c.
Yodl Project Yodl
5
CVSSv2
CVE-2016-10521
jshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in to the emailAddress validator.
Jshamcrest Project Jshamcrest
4
CVSSv2
CVE-2016-10528
restafary is a REpresentful State Transfer API for Creating, Reading, Using, Deleting files on a server from the web. Restafary prior to 1.6.1 is able to set up a root path, which should only allow it to run inside of that root path it specified.
Restafary Project Restafary
4.3
CVSSv2
CVE-2016-10531
marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and previous versions parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (`sanitize: true`) to inject a `javascrip...
Marked Project Marked
3.5
CVSSv2
CVE-2016-10537
backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON. There exists a potential Cross Site Scripting vulnerability in the `Model#Escape` function of backbone 0.3.3 and pre...
Backbone Project Backbone
5
CVSSv2
CVE-2016-10539
negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and previous versions is vulnerable to Regular Expression Denial of Service via a...
Negotiator Project Negotiator
5
CVSSv2
CVE-2016-10542
ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and p...
Ws Project Ws
1 Github repository
4.3
CVSSv2
CVE-2016-10544
uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility used compression will shrink said 256mb down to less than 16mb of websocket payload which passes the length check of 16mb paylo...
Uws Project Uws