CVE List - 2018 / June
Showing 201 - 300 of 1783 CVEs for June 2018 (Page 3 of 18)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2016-10655 | 2018-06-04 | The clang-extra module installs LLVM's clang-extra tools. clang-extra downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE)... |
| CVE-2016-10656 | 2018-06-04 | qbs is a build tool that helps simplify the build process for developing projects across multiple platforms. qbs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.... |
| CVE-2016-10657 | 2018-06-04 | co-cli-installer downloads the co-cli module as part of the install process, but does so over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote... |
| CVE-2016-10660 | 2018-06-04 | fis-parser-sass-bin is a plugin for fis to compile sass using node-sass-binaries. fis-parser-sass-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote... |
| CVE-2016-10661 | 2018-06-04 | phantomjs-cheniu is a Headless WebKit with JS API. phantomjs-cheniu downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution... |
| CVE-2016-10662 | 2018-06-04 | tomita is a node wrapper for Yandex Tomita Parser. tomita downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code... |
| CVE-2016-10663 | 2018-06-04 | wixtoolset is a Node module wrapper around the wixtoolset binaries. wixtoolset downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote... |
| CVE-2016-10664 | 2018-06-04 | mystem is a Node.js wrapper for MyStem morphology text analyzer by Yandex.ru. mystem downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to... |
| CVE-2016-10665 | 2018-06-04 | herbivore is a packet sniffing and crafting library built on libtins. herbivore 0.0.3 and below download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be... |
| CVE-2016-10667 | 2018-06-04 | selenium-portal is a Selenium Testing Framework. selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by... |
| CVE-2016-10668 | 2018-06-04 | libsbml is a module that installs Linux binaries for libSBML. libsbml downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code... |
| CVE-2016-10669 | 2018-06-04 | soci downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with... |
| CVE-2016-10670 | 2018-06-04 | windows-seleniumjar-mirror downloads the Selenium Jar file. windows-seleniumjar-mirror downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by... |
| CVE-2016-10671 | 2018-06-04 | mystem-wrapper is a Yandex mystem app wrapper module. mystem-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution... |
| CVE-2016-10672 | 2018-06-04 | cloudpub-redis is a module for CloudPub: Redis Backend. cloudpub-redis downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution... |
| CVE-2016-10673 | 2018-06-04 | ipip-coffee queries geolocation information from IP. ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability of the data being... |
| CVE-2016-10675 | 2018-06-04 | libsbmlsim is a module that installs linux binaries for libsbmlsim. libsbmlsim downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote... |
| CVE-2016-10676 | 2018-06-04 | rs-brightcove is a wrapper around brightcove's web api. rs-brightcove downloads source file resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code... |
| CVE-2016-10677 | 2018-06-04 | google-closure-tools-latest is a Node.js module wrapper for downloading the latest version of the Google Closure tools. google-closure-tools-latest downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It... |
| CVE-2016-10678 | 2018-06-04 | serc.js is a Selenium RC process wrapper. serc.js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE)... |
| CVE-2016-10683 | 2018-06-04 | arcanist downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an... |
| CVE-2016-10684 | 2018-06-04 | healthcenter is the IBM Monitoring and Diagnostic Tools Health Center agent. healthcenter downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote... |
| CVE-2016-10685 | 2018-06-04 | pk-app-wonderbox is an integration with wonderbox. pk-app-wonderbox downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by... |
| CVE-2016-10686 | 2018-06-04 | fis-sass-all is another libsass wrapper for node. fis-sass-all downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE)... |
| CVE-2016-10687 | 2018-06-04 | windows-selenium-chromedriver is a module that downloads the Selenium Jar file. windows-selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote... |
| CVE-2016-10688 | 2018-06-04 | haxe3 is Haxe 3: The Cross-Platform Toolkit (a fork from David Mouton's damoebius/haxe-npm). haxe3 downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause... |
| CVE-2016-10689 | 2018-06-04 | The windows-iedriver module downloads a fixed version of iedriverserver.exe. windows-iedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution... |
| CVE-2016-10690 | 2018-06-04 | openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible... |
| CVE-2016-10691 | 2018-06-04 | windows-seleniumjar is a module that downloads the Selenium Jar file. windows-seleniumjar downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote... |
| CVE-2016-10693 | 2018-06-04 | pm2-kafka is a PM2 module that installs and runs a kafka server. pm2-kafka downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to... |
| CVE-2016-10694 | 2018-06-04 | alto-saxophone is a module to install and launch Chromedriver for Mac, Linux or Windows. alto-saxophone versions below 2.25.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks.... |
| CVE-2018-11715 | 2018-06-04 | The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread subject. |
| CVE-2017-1748 | 2018-06-04 | IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site,... |
| CVE-2018-1600 | 2018-06-04 | IBM BigFix Platform 9.2 and 9.5 transmits sensitive or security-critical data in clear text in a communication channel that can be sniffed by unauthorized actors. IBM X-Force ID: 143745. |
| CVE-2016-10695 | 2018-06-04 | The npm-test-sqlite3-trunk module provides asynchronous, non-blocking SQLite3 bindings. npm-test-sqlite3-trunk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution... |
| CVE-2016-10696 | 2018-06-04 | windows-latestchromedriver downloads the latest version of chromedriver.exe. windows-latestchromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE)... |
| CVE-2016-10697 | 2018-06-04 | react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native. react-native-baidu-voice-synthesizer downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code... |
| CVE-2016-8390 | 2018-06-04 | An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper Disassembler 3.11.20. A specially crafted ELF file can cause attacker controlled pointer arithmetic... |
| CVE-2017-0928 | 2018-06-04 | html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable causing sanitization to be bypassed. |
| CVE-2017-0930 | 2018-06-04 | augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path. |
| CVE-2017-0931 | 2018-06-04 | html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean() accepting user-controlled values. |
| CVE-2017-16005 | 2018-06-04 | Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions <=0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header... |
| CVE-2017-16006 | 2018-06-04 | Remarkable is a markdown parser. In versions 1.6.2 and lower, remarkable allows the use of `data:` URIs in links and can therefore execute javascript. |
| CVE-2017-16007 | 2018-06-04 | node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid... |
| CVE-2017-16008 | 2018-06-04 | i18next is a language translation framework. Because of how the interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of... |
| CVE-2017-16009 | 2018-06-04 | ag-grid is an advanced data grid that is library agnostic. ag-grid is vulnerable to Cross-site Scripting (XSS) via Angular Expressions, if AngularJS is used in combination with ag-grid. |
| CVE-2017-16013 | 2018-06-04 | hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed `accept-encoding` header an uncaught exception is thrown. This may cause hapi to crash... |
| CVE-2017-16014 | 2018-06-04 | Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of... |
| CVE-2017-16015 | 2018-06-04 | Forms is a library for easily creating HTML forms. Versions before 1.3.0 did not have proper html escaping. This means that if the application did not sanitize html on behalf... |
| CVE-2017-16016 | 2018-06-04 | Sanitize-html is a library for scrubbing html input of malicious values. Versions 1.11.1 and below are vulnerable to cross site scripting (XSS) in certain scenarios: If allowed at least one... |
| CVE-2017-16017 | 2018-06-04 | sanitize-html is a library for scrubbing html input for malicious values. Versions 1.2.2 and below have a cross site scripting vulnerability. |
| CVE-2017-16018 | 2018-06-04 | Restify is a framework for building REST APIs. In Restify >=2.0.0 <=4.0.4, an attacker using URL-encoded script tags in a non-existent URL can get script to run in some browsers. |
| CVE-2017-16019 | 2018-06-04 | GitBook is a command line tool (and Node.js library) for building beautiful books using GitHub/Git and Markdown (or AsciiDoc). Stored Cross-Site-Scripting (XSS) is possible in GitBook before 3.2.2 by including... |
| CVE-2017-16020 | 2018-06-04 | Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name. |
| CVE-2017-16021 | 2018-06-04 | uri-js is a module that tries to fully implement RFC 3986. One of these features is validating whether or not a supplied URL is valid or not. To do this,... |
| CVE-2017-16022 | 2018-06-04 | Morris.js creates an svg graph, with labels that appear when hovering over a point. The hovering label names are not escaped in versions 0.5.0 and earlier. If control over the... |
| CVE-2017-16023 | 2018-06-04 | Decamelize is used to convert a dash/dot/underscore/space separated string to camelCase. Decamelize 1.1.0 through 1.1.1 uses regular expressions to evaluate a string and takes unescaped separator values, which can be... |
| CVE-2017-16024 | 2018-06-04 | The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access... |
| CVE-2017-16025 | 2018-06-04 | Nes is a websocket extension library for hapi. Hapi is a webserver framework. Versions below and including 6.4.0 have a denial of service vulnerability via an invalid Cookie header. This... |
| CVE-2017-16026 | 2018-06-04 | Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the... |
| CVE-2017-16028 | 2018-06-04 | react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()). |
| CVE-2017-16029 | 2018-06-04 | hostr is a simple web server that serves up the contents of the current directory. There is a directory traversal vulnerability in hostr 2.3.5 and earlier that allows an attacker... |
| CVE-2017-16030 | 2018-06-04 | Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the... |
| CVE-2017-16031 | 2018-06-04 | Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on `Math.random()` to create socket IDs, the IDs are predictable. An attacker is... |
| CVE-2017-16035 | 2018-06-04 | The hubl-server module is a wrapper for the HubL Development Server. During installation hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are... |
| CVE-2017-16036 | 2018-06-04 | `badjs-sourcemap-server` receives files sent by `badjs-sourcemap`. `badjs-sourcemap-server` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16037 | 2018-06-04 | `gomeplus-h5-proxy` is vulnerable to a directory traversal issue, allowing attackers to access any file in the system by placing '../' in the URL. |
| CVE-2017-16038 | 2018-06-04 | `f2e-server` 1.12.11 and earlier is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. This is compounded by `f2e-server` requiring... |
| CVE-2017-16039 | 2018-06-04 | `hftp` is a static http or ftp server. `hftp` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16040 | 2018-06-04 | gfe-sass is a library for promises (CommonJS/Promises/A,B,D). gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by... |
| CVE-2017-16041 | 2018-06-04 | ikst versions before 1.1.2 download resources over HTTP, which leaves it vulnerable to MITM attacks. |
| CVE-2017-16042 | 2018-06-04 | Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution. |
| CVE-2017-16043 | 2018-06-04 | Shout is an IRC client. Because the `/topic` command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim's browser. Affects shout... |
| CVE-2017-16044 | 2018-06-04 | `d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16045 | 2018-06-04 | `jquery.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16046 | 2018-06-04 | `mariadb` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16048 | 2018-06-04 | `node-sqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16049 | 2018-06-04 | `nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16050 | 2018-06-04 | `sqlite.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16051 | 2018-06-04 | `sqliter` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16052 | 2018-06-04 | `node-fabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16053 | 2018-06-04 | `fabric-js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16054 | 2018-06-04 | `nodefabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16055 | 2018-06-04 | `sqlserver` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2016-9042 | 2018-06-04 | An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin... |
| CVE-2017-12092 | 2018-06-04 | An exploitable file write vulnerability exists in the memory module functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a file... |
| CVE-2018-3853 | 2018-06-04 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory... |
| CVE-2016-1000344 | 2018-06-04 | In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has... |
| CVE-2016-1000345 | 2018-06-04 | In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode is vulnerable to a padding oracle attack. For BC 1.55 and older, in an environment where timings can... |
| CVE-2016-1000346 | 2018-06-04 | In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used... |
| CVE-2016-1000352 | 2018-06-04 | In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has... |
| CVE-2017-18286 | 2018-06-05 | nZEDb v0.7.3.3 has XSS in the 404 error page. |
| CVE-2018-11735 | 2018-06-05 | index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter. |
| CVE-2018-11736 | 2018-06-05 | An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file. |
| CVE-2018-11554 | 2018-06-05 | The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier... |
| CVE-2018-11678 | 2018-06-05 | plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login Rate Limiting Bypass via manipulation of the login_attempts cookie. |
| CVE-2018-11737 | 2018-06-05 | An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_fix_idxrec... |
| CVE-2018-11738 | 2018-06-05 | An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_make_data_run... |
| CVE-2018-11739 | 2018-06-05 | An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function raw_read... |
| CVE-2018-11740 | 2018-06-05 | An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function tsk_UTF16toUTF8... |