Total: 49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14834 | 1 Foxitsoftware | 1 Foxit Reader | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of FileAttachment annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5026. | |||||
| CVE-2017-14833 | 1 Foxitsoftware | 1 Foxit Reader | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of Text Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5025. | |||||
| CVE-2017-14832 | 1 Foxitsoftware | 1 Foxit Reader | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the style attribute of Caret Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5024. | |||||
| CVE-2017-16056 | 1 Mssql.js Project | 1 Mssql.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16055 | 1 Sqlserver Project | 1 Sqlserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `sqlserver` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16054 | 1 Nodefabric Project | 1 Nodefabric | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `nodefabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16053 | 1 Fabric-js Project | 1 Fabric-js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `fabric-js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16044 | 1 D3.js Project | 1 D3.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16005 | 1 Joyent | 1 Http-signature | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions <=0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header names and change the meaning of the request without changing the signature. | |||||
| CVE-2017-16003 | 1 Windows-build-tools Project | 1 Windows-build-tools | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| windows-build-tools is a module for installing C++ Build Tools for Windows using npm. windows-build-tools versions below 1.0.0 download resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2017-16066 | 1 Opencv.js Project | 1 Opencv.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16037 | 1 Gomeplus-h5-proxy Project | 1 Gomeplus-h5-proxy | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `gomeplus-h5-proxy` is vulnerable to a directory traversal issue, allowing attackers to access any file in the system by placing '../' in the URL. | |||||
| CVE-2017-16049 | 1 Nodesqlite Project | 1 Nodesqlite | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16050 | 1 Sqlite.js Project | 1 Sqlite.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `sqlite.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16051 | 1 Sqliter Project | 1 Sqliter | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `sqliter` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16185 | 1 Uekw1511server Project | 1 Uekw1511server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| uekw1511server is a static file server. uekw1511server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16184 | 1 Scott-blanch-weather-app Project | 1 Scott-blanch-weather-app | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| scott-blanch-weather-app is a sample Node.js app using Express 4. scott-blanch-weather-app is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16052 | 1 Node-fabric Project | 1 Node-fabric | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `node-fabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16117 | 1 Slug Project | 1 Slug | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service if specially crafted untrusted input is passed as input. About 50k characters can block the event loop for 2 seconds. | |||||
| CVE-2017-16118 | 1 Forwarded Project | 1 Forwarded | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition. | |||||
| CVE-2017-16119 | 1 Fresh Project | 1 Fresh | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition. | |||||
| CVE-2017-16163 | 1 Dylmomo Project | 1 Dylmomo | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| dylmomo is a simple file server. dylmomo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16164 | 1 Desafio Project | 1 Desafio | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| desafio is a simple web server. desafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url, but is limited to accessing only .html files. | |||||
| CVE-2017-16061 | 1 Tkinter Package | 1 Tkinter | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16036 | 1 Badjs-sourcemap-server Project | 1 Badjs-sourcemap-server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `badjs-sourcemap-server` receives files sent by `badjs-sourcemap`. `badjs-sourcemap-server` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16023 | 1 Decamelize Project | 1 Decamelize | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Decamelize is used to convert a dash/dot/underscore/space separated string to camelCase. Decamelize 1.1.0 through 1.1.1 uses regular expressions to evaluate a string and takes unescaped separator values, which can be used to create a denial of service attack. | |||||
| CVE-2017-16114 | 1 Marked Project | 1 Marked | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds. | |||||
| CVE-2017-16120 | 1 Liyujing Project | 1 Liyujing | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| liyujing is a static file server. liyujing is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16113 | 1 Parsejson Project | 1 Parsejson | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed. | |||||
| CVE-2017-16121 | 1 Datachannel-client Project | 1 Datachannel-client | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| datachannel-client is a signaling implementation for DataChannel.js. datachannel-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16111 | 1 Content Project | 1 Content | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed a specifically crafted Content-Type or Content-Disposition header. | |||||
| CVE-2017-16035 | 1 Hubspot | 1 Hubl-server | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| The hubl-server module is a wrapper for the HubL Development Server. During installation, hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are downloaded over HTTPS; however, the api.hubapi.com endpoint redirects to an HTTP url. Because of this behavior, an attacker with the ability to man-in-the-middle a developer or system performing a package installation could compromise the integrity of the installation. | |||||
| CVE-2017-16110 | 1 Weather.swlyons Project | 1 Weather.swlyons | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| weather.swlyons is a simple web server for weather updates. weather.swlyons is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16165 | 1 Calmquist.static-server Project | 1 Calmquist.static-server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| calmquist.static-server is a static file server. calmquist.static-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16108 | 1 Gaoxiaotingtingting Project | 1 Gaoxiaotingtingting | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| gaoxiaotingtingting is an HTTP server. gaoxiaotingtingting is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16122 | 1 Cuciuci Project | 1 Cuciuci | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| cuciuci is a simple fileserver. cuciuci is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16107 | 1 Pooledwebsocket Project | 1 Pooledwebsocket | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| pooledwebsocket is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16093 | 1 Cyber-js Project | 1 Cyber-js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| cyber-js is a simple http server. A cyberjs server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16190 | 1 Dcdcdcdcdc Project | 1 Dcdcdcdcdc | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| dcdcdcdcdc is a static file server. dcdcdcdcdc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16170 | 1 Liuyaserver Project | 1 Liuyaserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| liuyaserver is a static file server. liuyaserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16191 | 1 Cypserver Project | 1 Cypserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| cypserver is a static file server. cypserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16183 | 1 Iter-server Project | 1 Iter-server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| iter-server is a static file server. iter-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16171 | 1 Hcbserver Project | 1 Hcbserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| hcbserver is a static file server. hcbserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16062 | 1 Node-tkinter Project | 1 Node-tkinter | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16172 | 1 Section2.madisonjbrooks12 Project | 1 Section2.madisonjbrooks12 | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| section2.madisonjbrooks12 is a simple web server. section2.madisonjbrooks12 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16063 | 1 Node-opensl Project | 1 Node-opensl | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| node-opensl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16182 | 1 Serverxxx Project | 1 Serverxxx | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| serverxxx is a static file server. serverxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16192 | 1 Getcityapi.yoehoehne Project | 1 Getcityapi.yoehoehne | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| getcityapi.yoehoehne is a web server. getcityapi.yoehoehne is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16193 | 1 Mfrs Project | 1 Mfrs | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| mfrs is a static file server. mfrs is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16205 | 1 Coffescript Project | 1 Coffescript | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
