7797 matches found
node-tkinter information disclosure vulnerability
node-tkinter is a malware that steals environment variables and sends them to attackers. A security vulnerability exists in node-tkinter. An attacker can use this vulnerability to steal environment variables and send them to an address under the attacker's control...
Malicious Typo-Squatting
The node-tkinter packages is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake them for the real one but have malicious actions under the hood such as stealing environment variables...
Malicious Typo-Squatting
The tkinter packages is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake them for the real one but have malicious actions under the hood such as stealing environment variables...
Malicious Typo-Squatting
The mysqljs packages is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake them for the real one but have malicious actions under the hood such as stealing environment variables...
CVE-2017-16047
mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16062
node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16061
tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
Code injection
tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
Code injection
mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
Code injection
node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16047
mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16062
node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16061
tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
CVE-2017-16061
The CVE refers to the npm package named tkinter, described as malware that steals environment variables and exfiltrates them to attacker-controlled locations. All versions have been unpublished from the npm registry. The MITRE-style impact is primarily confidentiality loss, with practical risk th...
CVE-2017-16062
CVE-2017-16062 relates to the npm package node-tkinter, which is described as malware that steals environment variables and sends them to attacker-controlled locations. The package has been unpublished from the npm registry. Practical impact stated across sources is the exposure of environment va...
Microsoft Edge Chakra - Cross Context Use-After-Free
f.onload = null; // Garbage collection for let i = 0; i 10; i++ new ArrayBuffer1024 1024 40; let obj = opt; // "opt" returns the freed string constant. ; // Closing the diffrent context f.src = 'about:blank'; But in fact, if you run the code, you will see an exception...
radare2 denial of service vulnerability (CNVD-2018-12204)
Radare2 is a complete framework for reverse engineering and analyzing binaries, consisting of a series of small utilities that can be used together or independently of the command line. A denial of service vulnerability exists in the rstrbuffini function in radare2 2.5.0. The vulnerability is...
CVE-2018-11320
In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs...
kernel: Stack information leak in the EFS element
A flaw was found in the processing of incoming L2CAP bluetooth commands. Uninitialized stack variables can be sent to an attacker leaking data in kernel address space...
Octopus Deploy has an unspecified vulnerability (CNVD-2018-10168)
Octopus Deploy is an automation tool from Octopus Deploy Australia for development and deployment of . A security vulnerability exists in Octopus Deploy version 3.4.x prior to 2018.4.7. An attacker can exploit the vulnerability to view/update/save variable values in the Tenant Variables area...