Security Vulnerabilities - CVEs Published In June 2018
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.
CVSS Score
9.8
EPSS Score
0.009
Published
2018-06-04
Shout is an IRC client. Because the `/topic` command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim's browser. Affects shout >=0.44.0 <=0.49.3.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-06-04
`d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-06-04
`jquery.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-06-04
`mariadb` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-06-04
`node-sqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-06-04
`nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-06-04
`sqlite.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-06-04
`sqliter` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-06-04
`node-fabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-06-04