|
251261
|
6.1 |
MEDIUM
Network
|
i18next
|
i18next
|
i18next is a language translation framework. Because of how the interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of one of th…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16008
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251262
|
5.9 |
MEDIUM
Network
|
cisco
|
node-jose
|
node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an …
|
NVD-CWE-noinfo
|
CVE-2017-16007
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251263
|
6.1 |
MEDIUM
Network
|
remarkable_project
|
remarkable
|
Remarkable is a markdown parser. In versions 1.6.2 and lower, remarkable allows the use of `data:` URIs in links and can therefore execute javascript.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16006
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251264
|
7.5 |
HIGH
Network
|
joyent
|
http-signature
|
Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions <=0.9.11, http-signature signs only the header values, but not the header names. This makes http-signatur…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2017-16005
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251265
|
7.5 |
HIGH
Network
|
gaoxuyan_project
|
gaoxuyan
|
gaoxuyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
|
CWE-22
Path Traversal
|
CVE-2017-16153
|
2024-11-21 12:15 |
2018-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251266
|
7.5 |
HIGH
Network
|
node-tkinter_project
|
node-tkinter
|
node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
CWE-200
Information Exposure
|
CVE-2017-16062
|
2024-11-21 12:15 |
2018-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251267
|
7.5 |
HIGH
Network
|
tkinter_package
|
tkinter
|
tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
CWE-200
Information Exposure
|
CVE-2017-16061
|
2024-11-21 12:15 |
2018-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251268
|
7.5 |
HIGH
Network
|
mysqljs_project
|
mysqljs
|
mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
CWE-200
Information Exposure
|
CVE-2017-16047
|
2024-11-21 12:15 |
2018-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251269
|
6.1 |
MEDIUM
Network
|
i18next
|
i18next
|
i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16010
|
2024-11-21 12:15 |
2018-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251270
|
8.1 |
HIGH
Network
|
windows-build-tools_project
|
windows-build-tools
|
windows-build-tools is a module for installing C++ Build Tools for Windows using npm. windows-build-tools versions below 1.0.0 download resources over HTTP, which leaves it vulnerable to MITM attacks…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2017-16003
|
2024-11-21 12:15 |
2018-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
