
CVE-2017-16155
https://notcve.org/view.php?id=CVE-2017-16155
07 Jun 2018 — fast-http-cli is the command line interface for fast-http, a simple web server. fast-http-cli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. • https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/fast-http-cli • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2016-10657
https://notcve.org/view.php?id=CVE-2016-10657
04 Jun 2018 — co-cli-installer downloads the co-cli module as part of the install process, but does so over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacker is on the network or positioned in between the user and the remote server. • https://nodesecurity.io/advisories/268 • CWE-310: Cryptographic Issues • CWE-311: Missing Encryption of Sensitive Data

CVE-2016-10597
https://notcve.org/view.php?id=CVE-2016-10597
01 Jun 2018 — cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks. • https://nodesecurity.io/advisories/197 • CWE-311: Missing Encryption of Sensitive Data

CVE-2016-10538
https://notcve.org/view.php?id=CVE-2016-10538
31 May 2018 — The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809252 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2014-4997
https://notcve.org/view.php?id=CVE-2014-4997
10 Jan 2018 — lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process. • http://www.openwall.com/lists/oss-security/2014/07/07/16 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2017-2807 – Gentoo Linux Security Advisory 202004-05
https://notcve.org/view.php?id=CVE-2017-2807
05 Sep 2017 — An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00031.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2017-2808 – Gentoo Linux Security Advisory 202004-05
https://notcve.org/view.php?id=CVE-2017-2808
05 Sep 2017 — An exploitable use-after-free vulnerability exists in the account parsing component of Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerability. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00031.html • CWE-416: Use After Free

CVE-2017-12481 – Gentoo Linux Security Advisory 202004-05
https://notcve.org/view.php?id=CVE-2017-12481
04 Aug 2017 — The find_option function in option.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. • http://bugs.ledger-cli.org/show_bug.cgi?id=1222 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2017-12482 – Gentoo Linux Security Advisory 202004-05
https://notcve.org/view.php?id=CVE-2017-12482
04 Aug 2017 — The ledger::parse_date_mask_routine function in times.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. • http://bugs.ledger-cli.org/show_bug.cgi?id=1224 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer