CVE-2017-16047

mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

Source: CVE-2017-16047

CVE-2017-16061

tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

Source: CVE-2017-16061

CVE-2017-16062

node-tkinter was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

Source: CVE-2017-16062

CVE-2018-3745

atob 2.0.3 and earlier allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below.

Source: CVE-2018-3745

CVE-2017-16153

gaoxuyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Source: CVE-2017-16153

CVE-2018-6964

VMware Horizon Client for Linux (4.x before 4.8.0 and prior) contains a local privilege escalation vulnerability due to insecure usage of SUID binary. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on a Linux machine where Horizon Client is installed.

Source: CVE-2018-6964

CVE-2018-10751

A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463.

Source: CVE-2018-10751

CVE-2018-3734

stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read content of any file with known path.

Source: CVE-2018-3734

CVE-2018-3744

The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL.

Source: CVE-2018-3744

CVE-2018-10466

Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection.

Source: CVE-2018-10466