Total
9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16595 | 1 Netgain-systems | 1 Enterprise Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.export_005fdownload_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validat ...
Show More |
|||||
| CVE-2017-16592 | 1 Netgain-systems | 1 Enterprise Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the common.download_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to u ...
Show More |
|||||
| CVE-2017-16591 | 1 Netgain-systems | 1 Enterprise Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.restore.download_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a ...
Show More |
|||||
| CVE-2017-16250 | 1 Mitel | 1 St14.2 | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allow an attacker to use the API function to enumerate through user-ids which could be used to identify valid user ids and associated user names.
|
|||||
| CVE-2017-16225 | 1 Aegir Project | 1 Aegir | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
aegir is a module to help automate JavaScript project management. Version 12.0.0 through and including 12.0.7 bundled and published to npm the user (that performed a aegir-release) GitHub token.
|
|||||
| CVE-2017-16206 | 1 Coffescript Project | 1 Coffescript | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The cofee-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
|
|||||
| CVE-2017-16205 | 1 Coffescript Project | 1 Coffescript | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
|
|||||
| CVE-2017-16204 | 1 Jquey Project | 1 Jquey | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
|
|||||
| CVE-2017-16203 | 1 Coffescript Project | 1 Coffescript | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
|
|||||
| CVE-2017-16202 | 1 Cofeescript Project | 1 Cofeescript | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation.
|
|||||
| CVE-2017-16126 | 1 Botbait Project | 1 Botbait | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The module botbait is a tool to be used to track bot and automated tools usage with-in the npm ecosystem. botbait is known to record and track user information. The module tracks the following information. Source IP process.versions process.platform How the module was invoked (test, require, pre-install)
|
|||||
| CVE-2017-16081 | 1 Cross-env.js Project | 1 Cross-env.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16080 | 1 Nodesass Project | 1 Nodesass | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16079 | 1 Smb Project | 1 Smb | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16078 | 1 Shadowsock Project | 1 Shadowsock | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16077 | 1 Mongose Project | 1 Mongose | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
mongose was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16076 | 1 Proxy.js Project | 1 Proxy.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16075 | 1 Http-proxy.js Project | 1 Http-proxy.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
http-proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16074 | 1 Crossenv Project | 1 Crossenv | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16073 | 1 Noderequest Project | 1 Noderequest | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
noderequest was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16072 | 1 Nodemailer.js Project | 1 Nodemailer.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16071 | 1 Nodemailer-js Project | 1 Nodemailer-js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16070 | 1 Nodecaffe Project | 1 Nodecaffe | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
nodecaffe was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16069 | 1 Nodeffmpeg Project | 1 Nodeffmpeg | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
nodeffmpeg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16068 | 1 Ffmepg Project | 1 Ffmepg | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
ffmepg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16067 | 1 Node-opencv Project | 1 Node-opencv | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16066 | 1 Opencv.js Project | 1 Opencv.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16065 | 1 Openssl.js Project | 1 Openssl.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
openssl.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16064 | 1 Node-openssl Project | 1 Node-openssl | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16063 | 1 Node-opensl Project | 1 Node-opensl | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
node-opensl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16062 | 1 Node-tkinter Project | 1 Node-tkinter | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16061 | 1 Tkinter Package | 1 Tkinter | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16060 | 1 Babelcli Project | 1 Babelcli | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
babelcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16059 | 1 Mssql-node Project | 1 Mssql-node | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16058 | 1 Gruntcli Project | 1 Gruntcli | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
gruntcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16057 | 1 Nodemssql Project | 1 Nodemssql | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
nodemssql was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16056 | 1 Mssql.js Project | 1 Mssql.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16055 | 1 Sqlserver Project | 1 Sqlserver | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
`sqlserver` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16054 | 1 Nodefabric Project | 1 Nodefabric | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
`nodefabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||
| CVE-2017-16053 | 1 Fabric-js Project | 1 Fabric-js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
`fabric-js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
|||||