The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Nodejs Modules ~ not comprehensive

computer vulnerability CVE-2016-10651

Node.js modules: Man-in-the-Middle

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle on downloads by modules for Node.js, in order to read or write data in the session and notably inject arbitrary programs.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 3/4.
Consequences: privileged access/rights, data reading, data creation/edition.
Provenance: internet server.
Creation date: 16/12/2016.
Identifiers: CVE-2016-10651, VIGILANCE-VUL-21405.

Description of the vulnerability

Several Node.js modules download resources, including executable programs, over HTTP without TLS.

As a result, an attacker can change the downloaded programs.

An attacker can therefore act as a Man-in-the-Middle on downloads by modules for Node.js, in order to read or write data in the session and notably inject arbitrary programs.

computer vulnerability note 21329

Node.js Bitty: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of Node.js Bitty, in order to read a file outside the service root path.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 08/12/2016.
Identifiers: VIGILANCE-VUL-21329.

Description of the vulnerability

An attacker can traverse directories of Node.js Bitty, in order to read a file outside the service root path.

vulnerability note CVE-2016-7191

Node.js passport-azure-ad: privilege escalation

Synthesis of the vulnerability

An attacker can bypass restrictions of Node.js passport-azure-ad, in order to escalate his privileges.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: internet client.
Creation date: 06/12/2016.
Identifiers: CVE-2016-7191, VIGILANCE-VUL-21284.

Description of the vulnerability

An attacker can bypass restrictions of Node.js passport-azure-ad, in order to escalate his privileges.

vulnerability bulletin 21283

Node.js galenframework-cli: Man-in-the-Middle

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle on Node.js galenframework-cli, in order to read or write data in the session.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Creation date: 06/12/2016.
Identifiers: VIGILANCE-VUL-21283.

Description of the vulnerability

An attacker can act as a Man-in-the-Middle on Node.js galenframework-cli, in order to read or write data in the session.

vulnerability announcement 21282

Node.js selenium-download: Man-in-the-Middle

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle on Node.js selenium-download, in order to read or write data in the session.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Creation date: 06/12/2016.
Identifiers: VIGILANCE-VUL-21282.

Description of the vulnerability

An attacker can act as a Man-in-the-Middle on Node.js selenium-download, in order to read or write data in the session.

vulnerability alert 21281

Node.js aerospike: Man-in-the-Middle

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle on Node.js aerospike, in order to read or write data in the session.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Creation date: 06/12/2016.
Identifiers: VIGILANCE-VUL-21281.

Description of the vulnerability

An attacker can act as a Man-in-the-Middle on Node.js aerospike, in order to read or write data in the session.

vulnerability 21280

Node.js appium-chromedriver: Man-in-the-Middle

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle on Node.js appium-chromedriver, in order to read or write data in the session.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Creation date: 06/12/2016.
Identifiers: VIGILANCE-VUL-21280.

Description of the vulnerability

An attacker can act as a Man-in-the-Middle on Node.js appium-chromedriver, in order to read or write data in the session.

vulnerability alert 21011

Node.js igniteui: information disclosure

Synthesis of the vulnerability

An attacker can bypass access restrictions to data of Node.js igniteui, in order to obtain sensitive information.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 02/11/2016.
Identifiers: VIGILANCE-VUL-21011.

Description of the vulnerability

The igniteui module can be installed on Node.js.

However, an attacker can bypass access restrictions to data.

An attacker can therefore use a vulnerability of Node.js igniteui, in order to obtain sensitive information.

vulnerability 21010

Node.js waterline-sequel: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Node.js waterline-sequel, in order to read or alter data.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 02/11/2016.
Identifiers: VIGILANCE-VUL-21010.

Description of the vulnerability

The Node.js waterline-sequel product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection of Node.js waterline-sequel, in order to read or alter data.

computer vulnerability note 21009

Node.js sequelize: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Node.js sequelize, in order to read or alter data.
Impacted products: Nodejs Modules ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 02/11/2016.
Identifiers: VIGILANCE-VUL-21009.

Description of the vulnerability

The Node.js sequelize product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection of Node.js sequelize, in order to read or alter data.