Search Results (24500 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-16250 | 1 Mitel | 1 St14.2 | 2024-11-21 | N/A |
| A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allow an attacker to use the API function to enumerate through user-ids which could be used to identify valid user ids and associated user names. | ||||
| CVE-2017-16232 | 3 Libtiff, Opensuse, Suse | 5 Libtiff, Leap, Linux Enterprise Desktop and 2 more | 2024-11-21 | N/A |
| LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue | ||||
| CVE-2017-16226 | 1 Static-eval Project | 1 Static-eval | 2024-11-21 | N/A |
| The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution. | ||||
| CVE-2017-16225 | 1 Aegir Project | 1 Aegir | 2024-11-21 | N/A |
| aegir is a module to help automate JavaScript project management. Versions 12.0.0 through and including 12.0.7 bundled and published to npm the GitHub token of the user who performed an aegir-release. | ||||
| CVE-2017-16206 | 1 Coffescript Project | 1 Coffescript | 2024-11-21 | N/A |
| The cofee-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | ||||
| CVE-2017-16205 | 1 Coffescript Project | 1 Coffescript | 2024-11-21 | N/A |
| The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | ||||
| CVE-2017-16204 | 1 Jquey Project | 1 Jquey | 2024-11-21 | N/A |
| The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | ||||
| CVE-2017-16203 | 1 Coffescript Project | 1 Coffescript | 2024-11-21 | N/A |
| The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | ||||
| CVE-2017-16202 | 1 Cofeescript Project | 1 Cofeescript | 2024-11-21 | N/A |
| The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation. | ||||
| CVE-2017-16138 | 2 Mime Project, Redhat | 2 Mime, Quay | 2024-11-21 | N/A |
| The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input. | ||||
| CVE-2017-16137 | 2 Debug Project, Redhat | 2 Debug, Quay | 2024-11-21 | N/A |
| The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue. | ||||
| CVE-2017-16136 | 1 Expressjs | 1 Method-override | 2024-11-21 | N/A |
| method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed via the X-HTTP-Method-Override header. | ||||
| CVE-2017-16126 | 1 Botbait Project | 1 Botbait | 2024-11-21 | N/A |
| The module botbait is a tool to be used to track bot and automated tool usage within the npm ecosystem. botbait is known to record and track user information. The module tracks the following information: source IP; process.versions; process.platform; how the module was invoked (test, require, pre-install). | ||||
| CVE-2017-16113 | 1 Parsejson Project | 1 Parsejson | 2024-11-21 | N/A |
| The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed. | ||||
| CVE-2017-16081 | 1 Cross-env.js Project | 1 Cross-env.js | 2024-11-21 | N/A |
| cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||||
| CVE-2017-16080 | 1 Nodesass Project | 1 Nodesass | 2024-11-21 | N/A |
| nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||||
| CVE-2017-16079 | 1 Smb Project | 1 Smb | 2024-11-21 | N/A |
| smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||||
| CVE-2017-16078 | 1 Shadowsock Project | 1 Shadowsock | 2024-11-21 | N/A |
| shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||||
| CVE-2017-16077 | 1 Mongose Project | 1 Mongose | 2024-11-21 | N/A |
| mongose was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||||
| CVE-2017-16076 | 1 Proxy.js Project | 1 Proxy.js | 2024-11-21 | N/A |
| proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||||