Vulnerabilities in HackerOne

470 results
CVE-2016-10659 (EPSS 1.8%): poco - The POCO libraries, downloads source file resources used for compilation over HTTP, which leaves it vulnerable to MITM attacks. It ma
CVE-2016-10667 (EPSS 1.8%): selenium-portal is a Selenium Testing Framework selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM att
CVE-2016-10633 (EPSS 1.8%): dwebp-bin is a dwebp node.js wrapper that convert WebP into PNG. dwebp-bin downloads binary resources over HTTP, which leaves it vulnerable
CVE-2016-10677 (EPSS 1.8%): google-closure-tools-latest is a Node.js module wrapper for downloading the latest version of the Google Closure tools google-closure-tools-
CVE-2016-10540 (EPSS 1.7%): Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `m
CVE-2018-3737 (EPSS 1.7%): sshpk is vulnerable to ReDoS when parsing crafted invalid public keys.
CVE-2018-16491 (EPSS 1.7%): A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Obj
CVE-2016-10570 (EPSS 1.7%): pngcrush-installer is an installer for Pngcrush. pngcrush-installer versions below 1.8.10 download binary resources over HTTP, which leaves
CVE-2016-10674 (EPSS 1.7%): limbus-buildgen is a "build anywhere" build system. limbus-buildgen versions below 0.1.1 download binary resources over HTTP, which leaves i
CVE-2017-16109 (EPSS 1.7%): easyquick is a simple web server. easyquick is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by pla
CVE-2017-16179 (EPSS 1.7%): dasafio is a web server. dasafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../"
CVE-2017-16222 (EPSS 1.7%): elding is a simple web server. elding is vulnerable to a directory traversal issue, allowing an attacker to access the filesystem by placing
CVE-2016-10690 (EPSS 1.7%): openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources o
CVE-2016-10560 (EPSS 1.7%): galenframework-cli is the node wrapper for the Galen Framework. galenframework-cli below 2.3.1 download binary resources over HTTP, which le
CVE-2016-10688 (EPSS 1.7%): Haxe 3 : The Cross-Platform Toolkit (a fork from David Mouton's damoebius/haxe-npm) haxe3 downloads resources over HTTP, which leaves it vul
CVE-2016-10658 (EPSS 1.7%): native-opencv is the OpenCV library installed via npm native-opencv downloads binary resources over HTTP, which leaves it vulnerable to MITM
CVE-2017-16014 (EPSS 1.7%): Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash
CVE-2016-10683 (EPSS 1.7%): arcanist downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE)
CVE-2016-10678 (EPSS 1.7%): serc.js is a Selenium RC process wrapper serc.js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be
CVE-2016-10638 (EPSS 1.7%): js-given is a JavaScript frontend to jgiven. js-given downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It m