Total
316927 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16089 | 1 Serverlyr Project | 1 Serverlyr | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| serverlyr is a simple http server. serverlyr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
| CVE-2017-16088 | 1 Safe-eval Project | 1 Safe-eval | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox. | |||||
| CVE-2017-16086 | 1 Ua-parser Project | 1 Ua-parser | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ua-parser is a port of Browserscope's user agent parser. ua-parser is vulnerable to a ReDoS (Regular Expression Denial of Service) attack when given a specially crafted UserAgent header. | |||||
| CVE-2017-16085 | 1 Tinyserver2 Project | 1 Tinyserver2 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| tinyserver2 is a webserver for static files. tinyserver2 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
| CVE-2017-16084 | 1 List-n-stream Project | 1 List-n-stream | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| list-n-stream is a server for static files to list and stream local videos. list-n-stream v0.0.10 or lower is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. | |||||
| CVE-2017-16083 | 1 Node-simple-router | 1 Node-simple-router | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| node-simple-router is a minimalistic router for Node. node-simple-router is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. | |||||
| CVE-2017-16082 | 1 Node-postgres | 1 Pg | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1) Executing unsafe, user-supplied sql which contains a malicious column name. 2) Connecting to an untrusted database and executing a query which returns results where any of the column names are malicious. | |||||
| CVE-2017-16081 | 1 Cross-env.js Project | 1 Cross-env.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16080 | 1 Nodesass Project | 1 Nodesass | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16079 | 1 Smb Project | 1 Smb | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16078 | 1 Shadowsock Project | 1 Shadowsock | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16077 | 1 Mongose Project | 1 Mongose | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| mongose was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16076 | 1 Proxy.js Project | 1 Proxy.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16075 | 1 Http-proxy.js Project | 1 Http-proxy.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| http-proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16074 | 1 Crossenv Project | 1 Crossenv | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16073 | 1 Noderequest Project | 1 Noderequest | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| noderequest was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16072 | 1 Nodemailer.js Project | 1 Nodemailer.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16071 | 1 Nodemailer-js Project | 1 Nodemailer-js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16070 | 1 Nodecaffe Project | 1 Nodecaffe | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| nodecaffe was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16069 | 1 Nodeffmpeg Project | 1 Nodeffmpeg | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| nodeffmpeg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||