Lucene search
K

4777 matches found

CNVD
CNVD
added 2018/06/04 12:0 a.m.3 views

airbrake module information disclosure vulnerability

The airbrake module is an exception report notification program for use in Node.js. A security vulnerability exists in airbrake module version 0.3.8 and earlier, which stems from the program defaulting to sending environment variables with sensitive values over the HTTP protocol. An attacker can...

5.9CVSS6.8AI score0.01301EPSS
Exploits0References1
NVD
NVD
added 2018/05/31 8:29 p.m.16 views

CVE-2016-10530

The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending...

5.9CVSS5.6AI score0.01301EPSS
Exploits0References2
Prion
Prion
added 2018/05/31 8:29 p.m.14 views

Hardcoded credentials

The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending...

4.3CVSS6.8AI score0.01301EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/05/31 8:29 p.m.15 views

CVE-2016-10530

The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending...

5.9CVSS5.8AI score
Exploits0References2
Cvelist
Cvelist
added 2018/05/31 8:0 p.m.24 views

CVE-2016-10530

The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending...

5.6AI score0.01301EPSS
Exploits0References2
CNVD
CNVD
added 2018/05/31 12:0 a.m.2 views

mysqljs Information Disclosure Vulnerability

mysqljs is a malware that steals environment variables and sends them to an attacker. A security vulnerability exists in mysqljs. The vulnerability can be exploited by an attacker to steal environment variables and send them to an address under the attacker's control...

7.5CVSS7.6AI score0.01271EPSS
Exploits0References1
CNVD
CNVD
added 2018/05/31 12:0 a.m.2 views

tkinter Information Disclosure Vulnerability

tkinter is a malware that steals environment variables and sends them to attackers. A security vulnerability exists in tkinter. An attacker can exploit the vulnerability to steal environment variables and send them to an address under the attacker's control...

7.5CVSS7.6AI score0.01111EPSS
Exploits0References1
CNVD
CNVD
added 2018/05/31 12:0 a.m.2 views

node-tkinter information disclosure vulnerability

node-tkinter is a malware that steals environment variables and sends them to attackers. A security vulnerability exists in node-tkinter. An attacker can use this vulnerability to steal environment variables and send them to an address under the attacker's control...

7.5CVSS7.6AI score0.01083EPSS
Exploits0References1
Veracode
Veracode
added 2018/05/30 5:56 a.m.21 views

Malicious Typo-Squatting

The node-tkinter packages is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake them for the real one but have malicious actions under the hood such as stealing environment variables...

7.5CVSS7.4AI score0.01083EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2018/05/30 5:41 a.m.18 views

Malicious Typo-Squatting

The tkinter packages is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake them for the real one but have malicious actions under the hood such as stealing environment variables...

7.5CVSS7.4AI score0.01111EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2018/05/30 5:37 a.m.16 views

Malicious Typo-Squatting

The mysqljs packages is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake them for the real one but have malicious actions under the hood such as stealing environment variables...

7.5CVSS7.4AI score0.01271EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/05/29 8:29 p.m.13 views

CVE-2017-16047

mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

7.5CVSS7.5AI score0.01271EPSS
Exploits0References1
NVD
NVD
added 2018/05/29 8:29 p.m.13 views

CVE-2017-16061

tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

7.5CVSS7.5AI score0.01111EPSS
Exploits0References1
NVD
NVD
added 2018/05/29 8:29 p.m.15 views

CVE-2017-16062

node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

7.5CVSS7.5AI score0.01083EPSS
Exploits0References1
Prion
Prion
added 2018/05/29 8:29 p.m.12 views

Code injection

node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

5CVSS7.4AI score0.01083EPSS
Exploits0References1
Prion
Prion
added 2018/05/29 8:29 p.m.17 views

Code injection

tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

5CVSS7.4AI score0.01111EPSS
Exploits0References1
Prion
Prion
added 2018/05/29 8:29 p.m.17 views

Code injection

mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

5CVSS7.4AI score0.01271EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/05/29 8:0 p.m.19 views

CVE-2017-16062

node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

7.5AI score0.01083EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/05/29 8:0 p.m.13 views

CVE-2017-16047

mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

7.5AI score0.01271EPSS
Exploits0References1
CVE
CVE
added 2018/05/29 8:0 p.m.52 views

CVE-2017-16062

CVE-2017-16062 relates to the npm package node-tkinter, which is described as malware that steals environment variables and sends them to attacker-controlled locations. The package has been unpublished from the npm registry. Practical impact stated across sources is the exposure of environment va...

7.5CVSS7.4AI score0.01083EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder