CWE-506
Embedded Malicious Code
Description
The product contains code that appears to be malicious in nature.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-442 · CAPEC-448 · CAPEC-636
CVEs mapped to this weakness (82)
page 3 of 5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-16075 | — | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | http-proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |
| CVE-2017-16074 | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||
| CVE-2017-16073 | — | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | noderequest was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |
| CVE-2017-16072 | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||
| CVE-2017-16071 | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||
| CVE-2017-16070 | — | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | nodecaffe was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |
| CVE-2017-16069 | — | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | nodeffmpeg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |
| CVE-2017-16068 | — | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | ffmepg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |
| CVE-2017-16067 | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||
| CVE-2017-16066 | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||
| CVE-2017-16065 | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | openssl.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||
| CVE-2017-16064 | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||
| CVE-2017-16063 | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | node-opensl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||
| CVE-2017-16060 | — | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | babelcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |
| CVE-2017-16059 | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||
| CVE-2017-16058 | — | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | gruntcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | |
| CVE-2017-16057 | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | nodemssql was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||
| CVE-2017-16056 | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2018 | mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||
| CVE-2017-16055 | Hig | 0.49 | 7.5 | 0.01 | Jun 4, 2018 | `sqlserver` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | ||
| CVE-2017-16054 | — | Hig | 0.49 | 7.5 | 0.01 | Jun 4, 2018 | `nodefabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
- risk 0.49cvss 7.5epss 0.01
http-proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
crossenv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
noderequest was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
nodemailer.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
nodecaffe was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
nodeffmpeg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
ffmepg was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
node-opencv was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
opencv.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
openssl.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
node-opensl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
babelcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
gruntcli was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
nodemssql was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
mssql.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
`sqlserver` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
- risk 0.49cvss 7.5epss 0.01
`nodefabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.