Total: 7597 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16579 | 1 Foxitsoftware | 1 Foxit Reader | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5244. | |||||
| CVE-2017-16580 | 1 Foxitsoftware | 1 Foxit Reader | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ImageField node of XFA forms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5281. | |||||
| CVE-2017-16589 | 1 Foxitsoftware | 1 Foxit Reader | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the yTsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4977. | |||||
| CVE-2017-16588 | 1 Foxitsoftware | 1 Foxit Reader | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SOT markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4976. | |||||
| CVE-2017-16584 | 1 Foxitsoftware | 1 Foxit Reader | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within util.printf. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5290. | |||||
| CVE-2017-16609 | 1 Netgain-systems | 1 Enterprise Manager | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within download.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download a file. An attacker can leverage this vulnerability to expose sensitive information. Was ZDI-CAN-4750. | |||||
| CVE-2017-16607 | 1 Netgain-systems | 1 Enterprise Manager | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within heapdumps.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download a heap memory dump. An attacker can leverage this in conjunction with other vulnerabilities to disclose sensitive information in the context of the current process. Was ZDI-CAN-4718. | |||||
| CVE-2017-16715 | 1 Moxa | 6 Nport 5110, Nport 5110 Firmware, Nport 5130 and 3 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| An Information Exposure issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exploit a flaw in the handling of Ethernet frame padding that may allow for information exposure. | |||||
| CVE-2017-14818 | 1 Foxitsoftware | 1 Foxit Reader | 2019-10-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images embedded in PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-4982. | |||||
| CVE-2017-16065 | 1 Openssl.js Project | 1 Openssl.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| openssl.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16066 | 1 Opencv.js Project | 1 Opencv.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16067 | 1 Node-opencv Project | 1 Node-opencv | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16068 | 1 Ffmepg Project | 1 Ffmepg | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| ffmepg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16069 | 1 Nodeffmpeg Project | 1 Nodeffmpeg | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| nodeffmpeg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16070 | 1 Nodecaffe Project | 1 Nodecaffe | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| nodecaffe was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16071 | 1 Nodemailer-js Project | 1 Nodemailer-js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16072 | 1 Nodemailer.js Project | 1 Nodemailer.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16073 | 1 Noderequest Project | 1 Noderequest | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| noderequest was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16074 | 1 Crossenv Project | 1 Crossenv | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16075 | 1 Http-proxy.js Project | 1 Http-proxy.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| http-proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16076 | 1 Proxy.js Project | 1 Proxy.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16077 | 1 Mongose Project | 1 Mongose | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| mongose was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16078 | 1 Shadowsock Project | 1 Shadowsock | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16079 | 1 Smb Project | 1 Smb | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16080 | 1 Nodesass Project | 1 Nodesass | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16081 | 1 Cross-env.js Project | 1 Cross-env.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16062 | 1 Node-tkinter Project | 1 Node-tkinter | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16061 | 1 Tkinter Package | 1 Tkinter | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16060 | 1 Babelcli Project | 1 Babelcli | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| babelcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16203 | 1 Coffescript Project | 1 Coffescript | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
| CVE-2017-16204 | 1 Jquey Project | 1 Jquey | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
| CVE-2017-16202 | 1 Cofeescript Project | 1 Cofeescript | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
| CVE-2017-16205 | 1 Coffescript Project | 1 Coffescript | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | |||||
| CVE-2017-16059 | 1 Mssql-node Project | 1 Mssql-node | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16225 | 1 Aegir Project | 1 Aegir | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| aegir is a module to help automate JavaScript project management. Versions 12.0.0 through 12.0.7 inclusive bundled and published to npm the GitHub token of the user who performed an aegir-release. | |||||
| CVE-2017-16058 | 1 Gruntcli Project | 1 Gruntcli | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| gruntcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16057 | 1 Nodemssql Project | 1 Nodemssql | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| nodemssql was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16056 | 1 Mssql.js Project | 1 Mssql.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16055 | 1 Sqlserver Project | 1 Sqlserver | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `sqlserver` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16054 | 1 Nodefabric Project | 1 Nodefabric | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `nodefabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16053 | 1 Fabric-js Project | 1 Fabric-js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `fabric-js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16052 | 1 Node-fabric Project | 1 Node-fabric | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `node-fabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16051 | 1 Sqliter Project | 1 Sqliter | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `sqliter` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16050 | 1 Sqlite.js Project | 1 Sqlite.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `sqlite.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16049 | 1 Nodesqlite Project | 1 Nodesqlite | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16048 | 1 Node-sqlite Project | 1 Node-sqlite | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `node-sqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16047 | 1 Mysqljs Project | 1 Mysqljs | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16045 | 1 Jquery.js Project | 1 Jquery.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `jquery.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16044 | 1 D3.js Project | 1 D3.js | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| `d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16024 | 2 Nodejs, Sync-exec Project | 2 Node.js, Sync-exec | 2019-10-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential information from the buffer/tmp file, while it exists. | |||||
