Skip to main content
CVE-2017-5954 CRITICAL POC PATCH Act Now

An issue was discovered in the serialize-to-js package 0.5.0 for Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Node.js RCE Serialize To Js
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2017-5953 CRITICAL PATCH Act Now

vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Vim
NVD GitHub
CVSS 3.0
9.8
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy