Search
Total
1326 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5188 | 1 Opensuse | 1 Open Build Service | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information. | |||||
| CVE-2017-3194 | 1 Pandora | 1 Pandora | 2019-10-09 | 4.3 MEDIUM | 8.1 HIGH |
| Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. | |||||
| CVE-2017-2685 | 1 Siemens | 3 Sinumerik Integrate Access Mymachine\/ethernet, Sinumerik Integrate Operate Client, Sinumerik Operate | 2019-10-09 | 5.8 MEDIUM | 7.4 HIGH |
| Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack. | |||||
| CVE-2017-1544 | 1 Ibm | 1 Sterling File Gateway | 2019-10-09 | 2.1 LOW | 7.8 HIGH |
| IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) caches usernames and passwords in browsers that could be used by a local attacker to obtain sensitive information. IBM X-Force ID: 130812. | |||||
| CVE-2017-2624 | 2 Debian, X.org | 2 Debian Linux, Xorg-server | 2019-10-09 | 1.9 LOW | 7.0 HIGH |
| It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack. | |||||
| CVE-2017-16715 | 1 Moxa | 6 Nport 5110, Nport 5110 Firmware, Nport 5130 and 3 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| An Information Exposure issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exploit a flaw in the handling of Ethernet frame padding that may allow for information exposure. | |||||
| CVE-2017-16609 | 1 Netgain-systems | 1 Enterprise Manager | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within download.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download a file. An attacker can leverage this vulnerability to expose sensitive information. Was ZDI-CAN-4750. | |||||
| CVE-2017-16607 | 1 Netgain-systems | 1 Enterprise Manager | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within heapdumps.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download heap memory dump. An attacker can leverage this in conjunction with other vulnerabilities to disclose sensitive information in the context of the current process. Was ZDI-CAN-4718. | |||||
| CVE-2017-16074 | 1 Crossenv Project | 1 Crossenv | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16073 | 1 Noderequest Project | 1 Noderequest | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| noderequest was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16072 | 1 Nodemailer.js Project | 1 Nodemailer.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16071 | 1 Nodemailer-js Project | 1 Nodemailer-js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16070 | 1 Nodecaffe Project | 1 Nodecaffe | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| nodecaffe was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16069 | 1 Nodeffmpeg Project | 1 Nodeffmpeg | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| nodeffmpeg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16068 | 1 Ffmepg Project | 1 Ffmepg | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| ffmepg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16067 | 1 Node-opencv Project | 1 Node-opencv | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16066 | 1 Opencv.js Project | 1 Opencv.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16065 | 1 Openssl.js Project | 1 Openssl.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| openssl.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16064 | 1 Node-openssl Project | 1 Node-openssl | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16063 | 1 Node-opensl Project | 1 Node-opensl | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| node-opensl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16062 | 1 Node-tkinter Project | 1 Node-tkinter | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16061 | 1 Tkinter Package | 1 Tkinter | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16060 | 1 Babelcli Project | 1 Babelcli | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| babelcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16059 | 1 Mssql-node Project | 1 Mssql-node | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16058 | 1 Gruntcli Project | 1 Gruntcli | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| gruntcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16057 | 1 Nodemssql Project | 1 Nodemssql | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| nodemssql was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16056 | 1 Mssql.js Project | 1 Mssql.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16055 | 1 Sqlserver Project | 1 Sqlserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `sqlserver` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16054 | 1 Nodefabric Project | 1 Nodefabric | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `nodefabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16053 | 1 Fabric-js Project | 1 Fabric-js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `fabric-js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16052 | 1 Node-fabric Project | 1 Node-fabric | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `node-fabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16051 | 1 Sqliter Project | 1 Sqliter | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `sqliter` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16050 | 1 Sqlite.js Project | 1 Sqlite.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `sqlite.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16049 | 1 Nodesqlite Project | 1 Nodesqlite | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16048 | 1 Node-sqlite Project | 1 Node-sqlite | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `node-sqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16047 | 1 Mysqljs Project | 1 Mysqljs | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16045 | 1 Jquery.js Project | 1 Jquery.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `jquery.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16044 | 1 D3.js Project | 1 D3.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-15087 | 1 Redhat | 2 Enterprise Linux, Gluster Storage | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. | |||||
| CVE-2017-16225 | 1 Aegir Project | 1 Aegir | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| aegir is a module to help automate JavaScript project management. Version 12.0.0 through and including 12.0.7 bundled and published to npm the user (that performed a aegir-release) GitHub token. | |||||
| CVE-2017-16205 | 1 Coffescript Project | 1 Coffescript | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
| CVE-2017-16202 | 1 Cofeescript Project | 1 Cofeescript | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
| CVE-2017-16204 | 1 Jquey Project | 1 Jquey | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
| CVE-2017-16203 | 1 Coffescript Project | 1 Coffescript | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
| CVE-2017-16081 | 1 Cross-env.js Project | 1 Cross-env.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16080 | 1 Nodesass Project | 1 Nodesass | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16079 | 1 Smb Project | 1 Smb | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16078 | 1 Shadowsock Project | 1 Shadowsock | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16077 | 1 Mongose Project | 1 Mongose | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| mongose was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16076 | 1 Proxy.js Project | 1 Proxy.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||