Total: 7102 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-16044 | 1 D3.js Project | 1 D3.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
`d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
CVE-2017-14819 | 1 Foxitsoftware | 1 Foxit Reader | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the channel number member of the cdef box. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5011. | |||||
CVE-2017-16202 | 1 Cofeescript Project | 1 Cofeescript | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
CVE-2017-16071 | 1 Nodemailer-js Project | 1 Nodemailer-js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
CVE-2017-16061 | 1 Tkinter Package | 1 Tkinter | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
CVE-2017-16049 | 1 Nodesqlite Project | 1 Nodesqlite | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
`nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
CVE-2017-15138 | 1 Redhat | 1 Openshift Container Platform | 2019-10-09 | 4.0 MEDIUM | 5.0 MEDIUM |
The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens. | |||||
CVE-2017-16077 | 1 Mongose Project | 1 Mongose | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
mongose was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
CVE-2017-16050 | 1 Sqlite.js Project | 1 Sqlite.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
`sqlite.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
CVE-2017-16063 | 1 Node-opensl Project | 1 Node-opensl | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
node-opensl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
CVE-2017-16075 | 1 Http-proxy.js Project | 1 Http-proxy.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
http-proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
CVE-2017-16078 | 1 Shadowsock Project | 1 Shadowsock | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
CVE-2017-16066 | 1 Opencv.js Project | 1 Opencv.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
CVE-2017-14822 | 1 Foxitsoftware | 1 Foxit Reader | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the xOsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5014. | |||||
CVE-2017-16067 | 1 Node-opencv Project | 1 Node-opencv | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
CVE-2017-16057 | 1 Nodemssql Project | 1 Nodemssql | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
nodemssql was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
CVE-2017-16073 | 1 Noderequest Project | 1 Noderequest | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
noderequest was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
CVE-2017-16056 | 1 Mssql.js Project | 1 Mssql.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
CVE-2017-16072 | 1 Nodemailer.js Project | 1 Nodemailer.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
CVE-2017-16058 | 1 Gruntcli Project | 1 Gruntcli | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
gruntcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||