CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2017-16155
https://notcve.org/view.php?id=CVE-2017-16155
fast-http-cli is the command line interface for fast-http, a simple web server. fast-http-cli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. "fast-http-cli" es la interfaz de línea de comandos para fast-http, un sencillo servidor web. "fast-http-cli" es vulnerable a un problema de salto de directorio que otorga a un atacante acceso al sistema de archivos colocando "../" en la URL. • https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/fast-http-cli https://nodesecurity.io/advisories/383 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10657
https://notcve.org/view.php?id=CVE-2016-10657
co-cli-installer downloads the co-cli module as part of the install process, but does so over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. co-cli-installer descarga el módulo co-cli como parte del proceso de instalación, pero lo hace mediante HTTP, lo que lo deja vulnerable a ataques MITM. Podría ser posible provocar la ejecución remota de código (RCE) cambiando los recursos solicitados por otros controlados por el atacante si éste están en la red o posicionado entre el usuario y el servidor remoto. • https://nodesecurity.io/advisories/268 • CWE-310: Cryptographic Issues CWE-311: Missing Encryption of Sensitive Data •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10597
https://notcve.org/view.php?id=CVE-2016-10597
cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks. cobalt-cli descarga recursos binarios por HTTP, lo que lo deja vulnerable a ataques MITM. • https://nodesecurity.io/advisories/197 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 2CVE-2016-10538
https://notcve.org/view.php?id=CVE-2016-10538
The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to. El paquete node-cli, en versiones anteriores a la 1.0.0, emplea de forma insegura lock_file y log_file. Ambos son temporales, pero permite que el usuario inicial sobrescriba cualquier archivo al que tenga acceso. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809252 https://github.com/node-js-libs/cli/issues/81 https://nodesecurity.io/advisories/95 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2014-4997
https://notcve.org/view.php?id=CVE-2014-4997
lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process. lib/commands/setup.rb en la gema point-cli 0.0.1 para Ruby coloca credenciales en la línea de comandos de curl. Esto permite que usuarios locales obtengan información sensible listando el proceso. • http://www.openwall.com/lists/oss-security/2014/07/07/16 http://www.openwall.com/lists/oss-security/2014/07/17/5 http://www.securityfocus.com/bid/68735 http://www.vapid.dhs.org/advisories/point-cli-0.0.1.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •