Security
Headlines
HeadlinesLatestCVEs

Tag

#js

CVE-2023-27849: Vulnerability-Reports/report.md at 2211ea4712f24d20b7f223fb737910fdfb041edb · omnitaint/Vulnerability-Reports

rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function.

CVE
Open in Source
#vulnerability#nodejs#js#rce
CVE-2023-27848: Vulnerability-Reports/report.md at 9d65add2bca71ed6d6b2e281ee6790a12504ff8e · omnitaint/Vulnerability-Reports

broccoli-compass v0.2.4 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function.

CVE-2023-29566: GitHub - rona-dinihari/dawnsparks-node-tesseract: Forked from https://github.com/desmondmorris/node-tesseract/ to support tesseract v4.

huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function.

CVE-2023-26494: lorawan-stack/index.js at ecdef730f176c02f7c9afce98b0457ae64de5bfc · TheThingsNetwork/lorawan-stack

lorawan-stack is an open source LoRaWAN network server. Prior to version 3.24.1, an open redirect exists on the login page of the lorawan stack server, allowing an attacker to supply a user controlled redirect upon sign in. This issue may allows malicious actors to phish users, as users assume they were redirected to the homepage on login. Version 3.24.1 contains a fix.

CVE-2023-26060: PT-2022-04: Cross Site Template Injection (CSTI)

An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.

CVE-2023-26061: PT-2022-05: Stored Cross-Site Scripting (XSS)

An issue was discovered in Nokia NetAct before 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input validation was missing during creation of a scheduled task. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.

CVE-2023-30372: Tenda/10.md at main · 2205794866/Tenda

In Tenda AC15 V15.03.05.19, The function "xkjs_ver32" contains a stack-based buffer overflow vulnerability.

CVE-2023-29848: Bang Resto 1.0 Cross Site Scripting ≈ Packet Storm

Bang Resto 1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the itemName parameter in the admin/menu.php Add New Menu function.

Debian Security Advisory 5393-1

Debian Linux Security Advisory 5393-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Red Hat Security Advisory 2023-1931-01

Red Hat Security Advisory 2023-1931-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.