|
252391
|
6.1 |
MEDIUM
Network
|
remarkable_project
|
remarkable
|
Remarkable is a markdown parser. In versions 1.6.2 and lower, remarkable allows the use of `data:` URIs in links and can therefore execute javascript.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16006
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252392
|
7.5 |
HIGH
Network
|
joyent
|
http-signature
|
Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions <=0.9.11, http-signature signs only the header values, but not the header names. This makes http-signatur…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2017-16005
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252393
|
7.5 |
HIGH
Network
|
gaoxuyan_project
|
gaoxuyan
|
gaoxuyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
|
CWE-22
Path Traversal
|
CVE-2017-16153
|
2024-11-21 12:15 |
2018-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252394
|
7.5 |
HIGH
Network
|
node-tkinter_project
|
node-tkinter
|
node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
CWE-200
Information Exposure
|
CVE-2017-16062
|
2024-11-21 12:15 |
2018-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252395
|
7.5 |
HIGH
Network
|
tkinter_package
|
tkinter
|
tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
CWE-200
Information Exposure
|
CVE-2017-16061
|
2024-11-21 12:15 |
2018-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252396
|
7.5 |
HIGH
Network
|
mysqljs_project
|
mysqljs
|
mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
|
CWE-200
Information Exposure
|
CVE-2017-16047
|
2024-11-21 12:15 |
2018-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252397
|
6.1 |
MEDIUM
Network
|
i18next
|
i18next
|
i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16010
|
2024-11-21 12:15 |
2018-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252398
|
8.1 |
HIGH
Network
|
windows-build-tools_project
|
windows-build-tools
|
windows-build-tools is a module for installing C++ Build Tools for Windows using npm. windows-build-tools versions below 1.0.0 download resources over HTTP, which leaves it vulnerable to MITM attacks…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2017-16003
|
2024-11-21 12:15 |
2018-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252399
|
7.8 |
HIGH
Local
|
google
|
android
|
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, the camera application triggers "use…
|
CWE-119
CWE-129
Incorrect Access of Indexable Resource ('Range Error')
Improper Validation of Array Index
|
CVE-2017-15855
|
2024-11-21 12:15 |
2018-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252400
|
6.5 |
MEDIUM
Network
|
apache
|
uimaj
uima-as
uimafit
uimaducc
|
In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates …
|
CWE-611
XXE
|
CVE-2017-15691
|
2024-11-21 12:15 |
2018-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
