Lucene search
K

4777 matches found

CVE
CVE
added 2018/06/07 2:0 a.m.52 views

CVE-2017-16070

nodecaffe is a malware package published to hijack environment variables and exfiltrate them to attacker-controlled locations. The npm-hosted module has been unpublished across all versions. Affected context from the provided documents shows malware behavior and cleanup guidance: remove the packa...

7.5CVSS7.4AI score0.01177EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/06/07 2:0 a.m.17 views

CVE-2017-16081

cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

7.5AI score0.01286EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/06/07 2:0 a.m.17 views

CVE-2017-16069

nodeffmpeg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

7.5AI score0.01177EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/06/07 2:0 a.m.18 views

CVE-2017-16072

nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

7.5AI score0.01177EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/06/07 2:0 a.m.23 views

CVE-2017-16068

ffmepg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

7.5AI score0.01177EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/06/07 2:0 a.m.14 views

CVE-2017-16064

node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

7.5AI score0.01177EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/06/07 2:0 a.m.19 views

CVE-2017-16056

mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

7.5AI score0.01123EPSS
Exploits0References1
CVE
CVE
added 2018/06/07 2:0 a.m.55 views

CVE-2017-16059

CVE-2017-16059 relates to the npm package mssql-node , identified as malware that steals environment variables and exfiltrates them to attacker-controlled locations. The linked advisories corroborate that all versions were unpublished from npm. The vulnerability’s concrete details in connected do...

7.5CVSS7.4AI score0.01123EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2018/06/07 2:0 a.m.54 views

CVE-2017-16063

The CVE-2017-16063 issue corresponds to the node-opensl malware. The affected component is the node-opensl package, which was published to hijack environment variables and exfiltrate them to attacker-controlled locations. All versions have been unpublished from the npm registry. The primary root ...

7.5CVSS7.4AI score0.01123EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2018/06/07 2:0 a.m.50 views

CVE-2017-16078

CVE-2017-16078 concerns the npm package shadow sock—described in connected advisories as a malware that steals environment variables and exfiltrates to attacker-controlled endpoints. The npm advisory and GitHub/OSV entries confirm it has been unpublished from the npm registry; all versions are re...

7.5CVSS7.4AI score0.01123EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2018/06/07 2:0 a.m.76 views

CVE-2017-16074

The CVE-2017-16074 entry concerns the npm package crossenv, which is described in connected documents as malware that hijacks environment variables and exfiltrates them to attacker-controlled locations. All versions have been unpublished from npm. Public advisories (GitHub GHSA and npm advisory) ...

7.5CVSS7.4AI score0.01177EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/06/07 2:0 a.m.18 views

CVE-2017-16078

shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

7.5AI score0.01123EPSS
Exploits0References1
CVE
CVE
added 2018/06/07 2:0 a.m.49 views

CVE-2017-16065

CVE-2017-16065 corresponds to the npm malware incident involving the package named openssl.js, which was published to hijack environment variables and exfiltrate them to attacker-controlled locations. The linked records confirm that the package has been unpublished from the npm registry and that ...

7.5CVSS7.4AI score0.01177EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/06/07 2:0 a.m.16 views

CVE-2017-16080

nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

7.5AI score0.01123EPSS
Exploits0References1
CVE
CVE
added 2018/06/07 2:0 a.m.60 views

CVE-2017-16057

The CVE-2017-16057 entry concerns the nodemssql npm package, which is documented as malware that steals environment variables and exfiltrates them to attacker-controlled locations. All versions have been unpublished from the npm registry. Impact described in linked advisories includes credential ...

7.5CVSS7.4AI score0.01123EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2018/06/07 2:0 a.m.58 views

CVE-2017-16056

CVE-2017-16056 refers to the npm package mssql.js , reported as a malicious module designed to hijack environment variables. The available connected sources confirm that this package steals credentials from environment variables and exfiltrates them to attacker-controlled locations, and that all ...

7.5CVSS7.4AI score0.01123EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/06/07 2:0 a.m.19 views

CVE-2017-16079

smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

7.5AI score0.01123EPSS
Exploits0References1
CVE
CVE
added 2018/06/07 2:0 a.m.44 views

CVE-2017-16069

The CVE-2017-16069 case concerns the nodeffmpeg package, identified as malware that hijacks and exfiltrates environment variables. Several sources (npm advisory, GitHub advisory, OSV) confirm that nodeffmpeg was published as malicious, with all versions unpublished from the npm registry, and that...

7.5CVSS7.4AI score0.01177EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/06/07 2:0 a.m.28 views

CVE-2017-16065

openssl.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

7.5AI score0.01177EPSS
Exploits0References1
CVE
CVE
added 2018/06/07 2:0 a.m.51 views

CVE-2017-16071

CVE-2017-16071 concerns the npm package nodemailer-js , described as malware that hijacks environment variables and exfiltrates them to attacker-controlled locations. All versions were unpublished from the npm registry. Connected advisories corroborate malware behavior and provide remediation gui...

7.5CVSS7.4AI score0.01123EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder