CVSS: 10.0EPSS: 43%CPEs: 1EXPL: 2CVE-2014-7192 – Node Browserify 4.2.0 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2014-7192
11 Dec 2014 — Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file. Vulnerabilidad de inyección Eval en index.js en el paquete de errores de sintaxis anterior a 1.1.1 para Node.js 0.10.x, utilizado en IBM Rational Application Developer y otros productos, permite a atacantes remotos ejecutar código arbitrario a través de un fichero manipulad... • https://www.exploit-db.com/exploits/34090 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 4%CPEs: 8EXPL: 1CVE-2014-6394 – Apple Security Advisory 2015-09-16-2
https://notcve.org/view.php?id=CVE-2014-6394
08 Oct 2014 — visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory. visionmedia send anterior a 0.8.4 para Node.js utiliza una comparación parcial para verificar si un directorio está dentro del root del documento, lo que permite a atacantes remotos acceder a directorios restringidos, tal y como fue demostrado med... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •