| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| babelcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| gruntcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| nodemssql was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `sqlserver` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `nodefabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `fabric-js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `node-fabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `sqliter` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `sqlite.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `node-sqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `mariadb` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `jquery.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| `d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release. |
| In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:WRITE access to the cluster may be able to cause remote code execution if certain classes are present on the classpath. |
| In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath. |
