CVE-2016-10538
https://notcve.org/view.php?id=CVE-2016-10538
The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but their handling allows the starting user to overwrite any file they have access to.
References:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809252
https://github.com/node-js-libs/cli/issues/81
https://nodesecurity.io/advisories/95
Weaknesses:
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2014-4997
https://notcve.org/view.php?id=CVE-2014-4997
lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the running processes.
References:
http://www.openwall.com/lists/oss-security/2014/07/07/16
http://www.openwall.com/lists/oss-security/2014/07/17/5
http://www.securityfocus.com/bid/68735
http://www.vapid.dhs.org/advisories/point-cli-0.0.1.html
Weaknesses:
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor