The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Nodejs Modules ~ not comprehensive

cybersecurity vulnerability CVE-2017-5954

Node.js serialize-to-js: code execution via IIFE

Synthesis of the vulnerability

An attacker can use a vulnerability via an IIFE (Immediately invoked function expression) of Node.js serialize-to-js, in order to run code.
Severity: 3/4.
Creation date: 13/02/2017.
Identifiers: CVE-2017-5954, VIGILANCE-VUL-21803.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use a vulnerability via an IIFE (Immediately invoked function expression) of Node.js serialize-to-js, in order to run code.
Full Vigil@nce bulletin... (Free trial)

computer weakness 21797

Node.js node-serialize: code execution via IIFE

Synthesis of the vulnerability

An attacker can use a vulnerability via an IIFE (Immediately invoked function expression) of Node.js node-serialize, in order to run code.
Severity: 3/4.
Creation date: 10/02/2017.
Identifiers: VIGILANCE-VUL-21797.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use a vulnerability via an IIFE (Immediately invoked function expression) of Node.js node-serialize, in order to run code.
Full Vigil@nce bulletin... (Free trial)

security alert CVE-2016-1000249

Node.js fury-adapter-swagger: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of Node.js fury-adapter-swagger, in order to read a file outside the service root path.
Severity: 2/4.
Creation date: 24/01/2017.
Identifiers: CVE-2016-1000249, VIGILANCE-VUL-21669.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can traverse directories of Node.js fury-adapter-swagger, in order to read a file outside the service root path.
Full Vigil@nce bulletin... (Free trial)

security alert CVE-2016-10651

Node.js modules: Man-in-the-Middle

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle on downloads by modules for Node.js, in order to read or write data in the session and notably inject arbitrary programs.
Severity: 3/4.
Creation date: 16/12/2016.
Identifiers: CVE-2016-10651, VIGILANCE-VUL-21405.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several modules for Node.js product download resources, including executable programs, via HTTP without TLS.

So, an attacker can change the downloaded programs.

An attacker can therefore act as a Man-in-the-Middle on downloads by modules for Node.js, in order to read or write data in the session and notably inject arbitrary programs.
Full Vigil@nce bulletin... (Free trial)

security threat 21329

Node.js Bitty: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of Node.js Bitty, in order to read a file outside the service root path.
Severity: 2/4.
Creation date: 08/12/2016.
Identifiers: VIGILANCE-VUL-21329.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can traverse directories of Node.js Bitty, in order to read a file outside the service root path.
Full Vigil@nce bulletin... (Free trial)

threat CVE-2016-7191

Node.js passport-azure-ad: privilege escalation

Synthesis of the vulnerability

An attacker can bypass restrictions of Node.js passport-azure-ad, in order to escalate his privileges.
Severity: 2/4.
Creation date: 06/12/2016.
Identifiers: CVE-2016-7191, VIGILANCE-VUL-21284.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions of Node.js passport-azure-ad, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

weakness alert 21283

Node.js galenframework-cli: Man-in-the-Middle

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle on Node.js galenframework-cli, in order to read or write data in the session.
Severity: 2/4.
Creation date: 06/12/2016.
Identifiers: VIGILANCE-VUL-21283.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can act as a Man-in-the-Middle on Node.js galenframework-cli, in order to read or write data in the session.
Full Vigil@nce bulletin... (Free trial)

computer threat bulletin 21282

Node.js selenium-download: Man-in-the-Middle

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle on Node.js selenium-download, in order to read or write data in the session.
Severity: 2/4.
Creation date: 06/12/2016.
Identifiers: VIGILANCE-VUL-21282.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can act as a Man-in-the-Middle on Node.js selenium-download, in order to read or write data in the session.
Full Vigil@nce bulletin... (Free trial)

security announce 21281

Node.js aerospike: Man-in-the-Middle

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle on Node.js aerospike, in order to read or write data in the session.
Severity: 2/4.
Creation date: 06/12/2016.
Identifiers: VIGILANCE-VUL-21281.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can act as a Man-in-the-Middle on Node.js aerospike, in order to read or write data in the session.
Full Vigil@nce bulletin... (Free trial)

computer threat note 21280

Node.js appium-chromedriver: Man-in-the-Middle

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle on Node.js appium-chromedriver, in order to read or write data in the session.
Severity: 2/4.
Creation date: 06/12/2016.
Identifiers: VIGILANCE-VUL-21280.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can act as a Man-in-the-Middle on Node.js appium-chromedriver, in order to read or write data in the session.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Nodejs Modules ~ not comprehensive: