@bndynet/bbootstrap (>=1.0.2 <=2.2.1), @bndynet/jslib (>=1.0.52 <=2.0.0) +8 more potentially affected by CVE-2018-16330 via editor.md (=1.5.0)

editor.md NPM version =1.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on editor.md and may be impacted: - @bndynet/bbootstrap =1.0.2, =1.0.52, =2.3.6, =1.0.0, =0.2.0, =0.1.1, =0.1.0, =1.0.0, =1.0.3 Source cves: CVE-2018-16330 Source advisory:...

@atlauncher/atlauncher-scripts (>=0.1.0-18 <=0.1.0-19), @atomist/sample-sdm (>=0.5.1-atomist-update-latest-1540938130032.20181101043939 <=0.5.1-master.20181101044648) +415 more potentially affected by CVE-2018-16487 +1 more via lodash.merge (>=4.0.1 <=4.6.1)

lodash.merge NPM version =4.0.1, =0.1.0-18, =0.5.1-atomist-update-latest-1540938130032.20181101043939, =5.3.8, =3.1.0, =5.0.0, =5.2.7, =5.2.8, =6.1.1, =5.0.0, =5.0.0, =5.2.8, =5.1.1, =0.1.3, =6.2.6, =6.3.3 and more Source cves: CVE-2018-16487, CVE-2018-3721 Source advisory:...

Autocrack - Hashcat Wrapper To Help Automate The Cracking Process

This python script is a Hashcat https://hashcat.net wrapper to help automate the cracking process. The script includes multiple functions to select a set of wordlists and rules, as well as the ability to run a bruteforce attack, with custom masks, before the wordlist/rule attacks. Autocrack uses...

CVE-2018-12562

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards such as in an injected string:/home/../tmp/ string...

rs-brightcove remote code execution vulnerability

rs-brightcove is a set of wrapper tools for the brightcove web API. A security vulnerability exists in rs-brightcove, which originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the response an...

mystem-wrapper Remote Code Execution Vulnerability

mystem-wrapper is a package for installing the Yandex mystem application. A security vulnerability exists in mystem-wrapper that originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the...

CVE-2017-7831

A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "exposedProps" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox 57...

CVE-2017-7831

A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "exposedProps" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox 57...

CVE-2017-7820

The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects...

CVE-2017-7820

The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects...

Design/Logic Flaw

The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects...

CVE-2017-7831

A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "exposedProps" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox 57...

CVE-2017-7831

A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "exposedProps" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox 57...

CVE-2017-7820

The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects...

CVE-2017-7820

CVE-2017-7820 : The Firefox

CVE-2017-7831

CVE-2017-7831 affects Firefox before 57. The vulnerability arises from the security wrapper not denying access to some exposed properties via the deprecated exposedProps mechanism on proxy objects. Multiple connected Nessus entries map this CVE to Firefox &lt; 57.0 and refer to Mozilla’s mfsa2017...

CVE-2017-7820

The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects...

OpenJDK: GSS context use-after-free (JGSS, 8186212)

It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context...

Man-in-the-Middle (MitM)

mystem-wrapper is vulnerable to man-in-the-middle MitM attacks. This is because they download binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on th...

CVE-2016-10686

fis-sass-all is another libsass wrapper for node. fis-sass-all downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the...