Security Vulnerabilities - CVEs Published In June 2018
mongose was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2018-06-07

shadowsock was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2018-06-07

smb was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2018-06-07

nodesass was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2018-06-07

cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2018-06-07

A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would be vulnerable: 1) executing unsafe, user-supplied SQL which contains a malicious column name; 2) connecting to an untrusted database and executing a query which returns results where any of the column names are malicious.
CVSS Score: 9.8 | EPSS Score: 0.716 | Published: 2018-06-07

node-simple-router is a minimalistic router for Node. node-simple-router is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
CVSS Score: 7.5 | EPSS Score: 0.006 | Published: 2018-06-07

list-n-stream is a server for static files to list and stream local videos. list-n-stream v0.0.10 or lower is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
CVSS Score: 7.5 | EPSS Score: 0.006 | Published: 2018-06-07

tinyserver2 is a webserver for static files. tinyserver2 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
CVSS Score: 7.5 | EPSS Score: 0.006 | Published: 2018-06-07

ua-parser is a port of Browserscope's user agent parser. ua-parser is vulnerable to a ReDoS (Regular Expression Denial of Service) attack when given a specially crafted UserAgent header.
CVSS Score: 7.5 | EPSS Score: 0.578 | Published: 2018-06-07

