Unspecified vulnerability in nodemailer.js (CNVD-2018-22103)
nodemailer.js is a JavaScript implementation for sending e-mail. A security vulnerability exists in nodemailer.js. An attacker can exploit the vulnerability to steal environment variables...
Unspecified vulnerability in mongose
mongose is an embedded web server. A security vulnerability exists in mongose. An attacker can exploit this vulnerability to steal environment variables...
Unspecified vulnerability in proxy.js
proxy.js is an HTTP proxy. A security vulnerability exists in proxy.js. An attacker can exploit this vulnerability to steal environment variables...
node-opencv design vulnerability
node-opencv is a JavaScript library for connecting to OpenCV. A security vulnerability exists in node-opencv. An attacker can exploit the vulnerability to steal environment variables...
CVE-2018-12089
In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric Cluster target is configured in Azure Active Directory security mode and a deployment is executed with OctopusPrintVariables set to True. This is...
New Relic: Insecure Infrastructure Integrations YML Loading leads to Windows Privilege Escalation
After installing the Windows Infrastructure client as discussed in https://docs.newrelic.com/docs/infrastructure/new-relic-infrastructure/installation/install-infrastructure-windows-server I noticed that integration yml config files are not only loaded from the folder within Program Files, but al...
CVE-2018-1281
The clustered setup of Apache MXNet allows users to specify which IP address and port the scheduler will listen on via the DMLC_PS_ROOT_URI and DMLC_PS_ROOT_PORT env variables. In versions older than 1.0.0, however, the MXNet framework will listen on 0.0.0.0 rather than user specified DMLC_PS_ROOT_URI onc...
Malicious Typo-Squatting
cross-env.js is a malicious typo-squatter package. The package uses a similar name to the original library so that developers may mistake it for the real one, but it performs malicious actions under the hood, such as stealing environment variables...
Malicious Typo-Squatting
nodesass is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake it for the real one, but it performs malicious actions under the hood, such as stealing environment variables...
Malicious Typo-Squatting
smb is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake it for the real one, but it performs malicious actions under the hood, such as stealing environment variables...
Malicious Typo-Squatting
shadowsock is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake it for the real one, but it performs malicious actions under the hood, such as stealing environment variables...
Malicious Typo-Squatting
mongose is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake it for the real one, but it performs malicious actions under the hood, such as stealing environment variables...
Malicious Typo-Squatting
proxy.js is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake it for the real one, but it performs malicious actions under the hood, such as stealing environment variables...
Malicious Typo-Squatting
http-proxy.js is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake it for the real one, but it performs malicious actions under the hood, such as stealing environment variables...
Malicious Typo-Squatting
crossenv is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake it for the real one, but it performs malicious actions under the hood, such as stealing environment variables...
Malicious Typo-Squatting
noderequest is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake it for the real one, but it performs malicious actions under the hood, such as stealing environment variables...
Malicious Typo-Squatting
nodemailer.js is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake it for the real one, but it performs malicious actions under the hood, such as stealing environment variables...
Malicious Typo-Squatting
nodemailer-js is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake it for the real one, but it performs malicious actions under the hood, such as stealing environment variables...
Malicious Typo-Squatting
nodecaffe is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake it for the real one, but it performs malicious actions under the hood, such as stealing environment variables...
Malicious Typo-Squatting
nodeffmpeg is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake it for the real one, but it performs malicious actions under the hood, such as stealing environment variables...