Lucene search
K

216 matches found

CVE
CVE
added 2018/06/04 7:0 p.m.55 views

CVE-2017-16053

The CVE-2017-16053 issue involves the npm package fabric-js , published as malware intended to hijack environment variables. Several connected sources (GHSA advisory, npm advisory, and CVE records) confirm that all versions were unpublished from the npm registry and that the malware steals enviro...

7.5CVSS7.4AI score0.01123EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/06/04 7:0 p.m.18 views

CVE-2017-16045

jquery.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

7.5AI score0.01123EPSS
Exploits0References1
Prion
Prion
added 2018/05/29 8:29 p.m.12 views

Code injection

node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

5CVSS7.4AI score0.01083EPSS
Exploits0References1
Prion
Prion
added 2018/05/29 8:29 p.m.17 views

Code injection

tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

5CVSS7.4AI score0.01111EPSS
Exploits0References1
Prion
Prion
added 2018/05/29 8:29 p.m.18 views

Code injection

mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

5CVSS7.4AI score0.01271EPSS
Exploits0References1
CVE
CVE
added 2018/05/29 8:0 p.m.54 views

CVE-2017-16061

The CVE refers to the npm package named tkinter, described as malware that steals environment variables and exfiltrates them to attacker-controlled locations. All versions have been unpublished from the npm registry. The MITRE-style impact is primarily confidentiality loss, with practical risk th...

7.5CVSS7.4AI score0.01111EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/05/29 8:0 p.m.20 views

CVE-2017-16062

node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

7.5AI score0.01083EPSS
Exploits0References1
CNVD
CNVD
added 2018/03/27 12:0 a.m.6 views

MISP cross-site scripting vulnerability (CNVD-2018-06388)

MISP is a suite of open source software solutions for collecting, storing, distributing and sharing cybersecurity metrics and threats cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in the app/View/Events/resolvedattributes.ctp file in MISP. A remote...

6.1CVSS6AI score0.00809EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2018/03/23 5:29 p.m.4 views

CVE-2018-8948

In MISP before 2.4.89, app/View/Events/resolvedattributes.ctp has multiple XSS issues via a malicious MISP module...

6.1CVSS5.4AI score0.00809EPSS
Exploits0References2
Veracode
Veracode
added 2017/11/01 6:53 a.m.15 views

Malicious Module

pandora-doomsday and test-module-a are modules which can infect other modules. During installation, the module runs a postinstall script that adds the package's author mr-robot as an owner to every other package owned by the user that ran the npm install method...

9.8CVSS9.1AI score0.01455EPSS
Exploits0References3Affected Software2
Mageia
Mageia
added 2015/04/18 8:21 a.m.17 views

Updated perl-Module-Signature packages fix security vulnerabilities

Updated perl-Module-Signature package fixes the following security vulnerabilities reported by John Lightsey: Module::Signature could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty parsing of the PGP signature boundaries. When verifying t...

1.8AI score
Exploits0References2
Saint
Saint
added 2009/09/24 12:0 a.m.20 views

Mozilla Firefox PKCS11 Module Installation Code Execution

Added: 09/24/2009 CVE: CVE-2009-3076 BID: 36343 OSVDB: 57977 Background Mozilla is a suite of Internet client products available for multiple platforms. Problem The warning dialog displayed when adding or removing security modules via pkcs11.addmodule or pkcs11.deletemodule can be customized by a...

9.3CVSS6.4AI score0.06724EPSS
Exploits4
Mozilla
Mozilla
added 2009/09/09 12:0 a.m.47 views

Insufficient warning for PKCS11 module installation and removal — Mozilla

Mozilla security researcher Jesse Ruderman reported that when security modules were added or removed via pkcs11.addmodule or pkcs11.deletemodule, the resulting dialog was not sufficiently informative. Without sufficient warning, an attacker could entice a victim to install a malicious PKCS11 modu...

9.3CVSS4.1AI score0.06724EPSS
Exploits4References2Affected Software1
OSV
OSV
added 2008/06/11 1:32 a.m.3 views

DEBIAN-CVE-2008-2230

Untrusted search path vulnerability in 1 reportbug 3.8 and 3.31, and 2 reportbug-ng before 0.2008.06.04, allows local users to execute arbitrary code via a malicious module file in the current working directory...

4.6CVSS7.5AI score0.00525EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2008/06/11 1:32 a.m.23 views

CVE-2008-2230

Untrusted search path vulnerability in 1 reportbug 3.8 and 3.31, and 2 reportbug-ng before 0.2008.06.04, allows local users to execute arbitrary code via a malicious module file in the current working directory...

4.6CVSS6AI score0.00525EPSS
Exploits1References1
exploitpack
exploitpack
added 2001/01/02 12:0 a.m.20 views

GTK+ 1.2.8 - Arbitrary Loadable Module Execution

GTK+ 1.2.8 - Arbitrary Loadable Module Execution // source: https://www.securityfocus.com/bid/2165/info GTK+ is the Gimp Toolkit, freely available to the public and maintained by the GTK Development Team. A problem exists in the Gimp Toolkit that could allow a user elevated privileges. The proble...

7.5AI score
Exploits0
Rows per page
Query Builder