CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In June 2018

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1301 CVE-2017-16080 200 +Info 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1302 CVE-2017-16079 200 +Info 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1303 CVE-2017-16078 200 +Info 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1304 CVE-2017-16077 200 +Info 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
mongose was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1305 CVE-2017-16076 200 +Info 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1306 CVE-2017-16075 200 +Info 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
http-proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1307 CVE-2017-16074 200 +Info 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1308 CVE-2017-16073 200 +Info 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
noderequest was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1309 CVE-2017-16072 200 +Info 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1310 CVE-2017-16071 200 +Info 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1311 CVE-2017-16070 200 +Info 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
nodecaffe was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1312 CVE-2017-16069 200 +Info 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
nodeffmpeg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1313 CVE-2017-16068 200 +Info 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
ffmepg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1314 CVE-2017-16067 200 +Info 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1315 CVE-2017-16066 200 +Info 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1316 CVE-2017-16065 200 +Info 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
openssl.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1317 CVE-2017-16064 200 +Info 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1318 CVE-2017-16063 200 +Info 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
node-opensl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1319 CVE-2017-16060 200 +Info 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
babelcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1320 CVE-2017-16059 200 +Info 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1321 CVE-2017-16058 200 +Info 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
gruntcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1322 CVE-2017-16057 200 +Info 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
nodemssql was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1323 CVE-2017-16056 200 +Info 2018-06-07 2019-10-09
5.0
None Remote Low Not required Partial None None
mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1324 CVE-2017-16055 200 +Info 2018-06-04 2019-10-09
5.0
None Remote Low Not required Partial None None
`sqlserver` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1325 CVE-2017-16054 200 +Info 2018-06-04 2019-10-09
5.0
None Remote Low Not required Partial None None
`nodefabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1326 CVE-2017-16053 200 +Info 2018-06-04 2019-10-09
5.0
None Remote Low Not required Partial None None
`fabric-js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1327 CVE-2017-16052 200 +Info 2018-06-04 2019-10-09
5.0
None Remote Low Not required Partial None None
`node-fabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1328 CVE-2017-16051 200 +Info 2018-06-04 2019-10-09
5.0
None Remote Low Not required Partial None None
`sqliter` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1329 CVE-2017-16050 200 +Info 2018-06-04 2019-10-09
5.0
None Remote Low Not required Partial None None
`sqlite.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1330 CVE-2017-16049 200 +Info 2018-06-04 2019-10-09
5.0
None Remote Low Not required Partial None None
`nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1331 CVE-2017-16048 200 +Info 2018-06-04 2019-10-09
5.0
None Remote Low Not required Partial None None
`node-sqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1332 CVE-2017-16046 2018-06-04 2020-11-16
5.0
None Remote Low Not required Partial None None
`mariadb` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1333 CVE-2017-16045 200 +Info 2018-06-04 2019-10-09
5.0
None Remote Low Not required Partial None None
`jquery.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1334 CVE-2017-16044 200 +Info 2018-06-04 2019-10-09
5.0
None Remote Low Not required Partial None None
`d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
1335 CVE-2017-16043 74 2018-06-04 2019-10-09
4.3
None Remote Medium Not required None Partial None
Shout is an IRC client. Because the `/topic` command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim's browser. Affects shout >=0.44.0 <=0.49.3.
1336 CVE-2017-16042 78 Exec Code 2018-06-04 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.
1337 CVE-2017-16041 319 2018-06-04 2019-10-09
4.3
None Remote Medium Not required Partial None None
ikst versions before 1.1.2 download resources over HTTP, which leaves it vulnerable to MITM attacks.
1338 CVE-2017-16040 319 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
gfe-sass is a library for promises (CommonJS/Promises/A,B,D). gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacker is on the network or positioned in between the user and the remote server.
1339 CVE-2017-16039 22 Dir. Trav. 2018-06-04 2019-10-09
5.0
None Remote Low Not required Partial None None
`hftp` is a static HTTP or FTP server. `hftp` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
1340 CVE-2017-16038 22 Dir. Trav. 2018-06-04 2018-07-19
5.0
None Remote Low Not required Partial None None
`f2e-server` 1.12.11 and earlier is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. This is compounded by `f2e-server` requiring elevated privileges to run.
1341 CVE-2017-16037 22 Dir. Trav. 2018-06-04 2019-10-09
5.0
None Remote Low Not required Partial None None
`gomeplus-h5-proxy` is vulnerable to a directory traversal issue, allowing attackers to access any file in the system by placing '../' in the URL.
1342 CVE-2017-16036 22 Dir. Trav. 2018-06-04 2019-10-09
5.0
None Remote Low Not required Partial None None
`badjs-sourcemap-server` receives files sent by `badjs-sourcemap`. `badjs-sourcemap-server` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
1343 CVE-2017-16035 319 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
The hubl-server module is a wrapper for the HubL Development Server. During installation, hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are downloaded over HTTPS; however, the api.hubapi.com endpoint redirects to an HTTP URL. Because of this behavior, an attacker with the ability to man-in-the-middle a developer or system performing a package installation could compromise the integrity of the installation.
1344 CVE-2017-16031 330 +Info 2018-06-04 2018-07-31
5.0
None Remote Low Not required Partial None None
Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on `Math.random()` to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtaining sensitive information.
1345 CVE-2017-16030 2018-06-04 2019-10-09
5.0
None Remote Low Not required None None Partial
Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Useragent 2.1.12 and earlier.
1346 CVE-2017-16029 22 Dir. Trav. 2018-06-04 2019-10-09
5.0
None Remote Low Not required Partial None None
hostr is a simple web server that serves up the contents of the current directory. There is a directory traversal vulnerability in hostr 2.3.5 and earlier that allows an attacker to read files outside the current directory by sending `../` in the url path for GET requests.
1347 CVE-2017-16028 338 2018-06-04 2019-10-09
5.0
None Remote Low Not required Partial None None
react-native-meteor-oauth is a library for OAuth2 login to a Meteor server in React Native. The OAuth random token is generated using a non-cryptographically strong RNG (`Math.random()`).
1348 CVE-2017-16026 20 2018-06-04 2019-10-09
7.1
None Remote Medium Not required Complete None None
Request is an HTTP client. If a request is made using `multipart`, and the body type is a `number`, then the specified number of bytes of non-zeroed memory is passed in the body. This affects Request >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0.
1349 CVE-2017-16025 287 DoS 2018-06-04 2019-10-09
4.3
None Remote Medium Not required None None Partial
Nes is a websocket extension library for hapi. Hapi is a webserver framework. Versions below and including 6.4.0 have a denial of service vulnerability via an invalid Cookie header. This is only present when websocket authentication is set to `cookie`. Submitting an invalid cookie on the websocket upgrade request will cause the node process to error out.
1350 CVE-2017-16024 200 +Info 2018-06-04 2019-10-09
4.0
None Remote Low ??? Partial None None
The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential information from the buffer/tmp file, while it exists.
Total number of vulnerabilities: 1788 (this is page 27 of 36)