Total
8276 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-16055 | 1 Sqlserver Project | 1 Sqlserver | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| `sqlserver` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16054 | 1 Nodefabric Project | 1 Nodefabric | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| `nodefabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16053 | 1 Fabric-js Project | 1 Fabric-js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| `fabric-js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16052 | 1 Node-fabric Project | 1 Node-fabric | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| `node-fabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16051 | 1 Sqliter Project | 1 Sqliter | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| `sqliter` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16050 | 1 Sqlite.js Project | 1 Sqlite.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| `sqlite.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16049 | 1 Nodesqlite Project | 1 Nodesqlite | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| `nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16048 | 1 Node-sqlite Project | 1 Node-sqlite | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| `node-sqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16047 | 1 Mysqljs Project | 1 Mysqljs | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16045 | 1 Jquery.js Project | 1 Jquery.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| `jquery.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16044 | 1 D3.js Project | 1 D3.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| `d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |||||
| CVE-2017-16024 | 2 Nodejs, Sync-exec Project | 2 Node.js, Sync-exec | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential information from the buffer/tmp file, while it exists. | |||||
| CVE-2017-15852 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Information leak of the ISPIF base address in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the camera driver. | |||||
| CVE-2017-15851 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Lack of copy_from_user and information leak in function "msm_ois_subdev_do_ioctl, file msm_ois.c can lead to a camera crash in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel | |||||
| CVE-2017-15850 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, userspace can read values from audio codec registers. | |||||
| CVE-2017-15833 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, untrusted pointer dereference in update_userspace_power() function in power leads to information exposure. | |||||
| CVE-2017-15814 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in msm_flash_subdev_do_ioctl of drivers/media/platform/msm/camera_v2/sensor/flash/msm_flash.c, there is a possible out of bounds read if flash_data.cfg_type is CFG_FLASH_INIT due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2017-15713 | 1 Apache | 1 Hadoop | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host. | |||||
| CVE-2017-15709 | 1 Apache | 1 Activemq | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text. | |||||
| CVE-2017-15696 | 1 Apache | 1 Geode | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code. | |||||