Vulnerabilities in HackerOne

470 results
CVE-2016-10563 (EPSS 0.8%): During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attac

CVE-2018-16480 (EPSS 0.8%): A XSS vulnerability was found in module public <0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of san

CVE-2017-16207 (EPSS 0.7%): discordi.js is a malicious module based on the discord.js library that exfiltrates login tokens to pastebin.

CVE-2017-16035 (EPSS 0.7%): The hubl-server module is a wrapper for the HubL Development Server. During installation hubl-server downloads a set of dependencies from ap

CVE-2016-10680 (EPSS 0.7%): adamvr-geoip-lite is a light weight native JavaScript implementation of GeoIP API from MaxMind adamvr-geoip-lite downloads geoip resources o

CVE-2018-3759 (EPSS 0.7%): private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the sock

CVE-2018-16481 (EPSS 0.7%): A XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code to be executed in the user's browser due to the abs

CVE-2016-10537 (EPSS 0.7%): backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your R

CVE-2017-16041 (EPSS 0.7%): ikst versions before 1.1.2 download resources over HTTP, which leaves it vulnerable to MITM attacks.

CVE-2016-10549 (EPSS 0.6%): Sails is an MVC style framework for building realtime web applications. Version 0.12.7 and lower have an issue with the CORS configuration w

CVE-2016-10592 (EPSS 0.6%): jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

CVE-2018-3716 (EPSS 0.6%): simplehttpserver node module suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names.

CVE-2018-16484 (EPSS 0.6%): A XSS vulnerability was found in module m-server <1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of esc

CVE-2016-10568 (EPSS 0.6%): geoip-lite-country is a stripped down version of geoip-lite, supporting only country lookup. geoip-lite-country before 1.1.4 downloads data

CVE-2016-10618 (EPSS 0.6%): node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

CVE-2016-10578 (EPSS 0.6%): unicode loads unicode data downloaded from unicode.org into nodejs. Unicode before 9.0.0 downloads binary resources over HTTP, which leaves

CVE-2016-10594 (EPSS 0.6%): ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources

CVE-2016-10641 (EPSS 0.6%): node-bsdiff-android downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

CVE-2016-10630 (EPSS 0.5%): install-g-test downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

CVE-2016-10673 (EPSS 0.5%): ipip-coffee queries geolocation information from IP ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MIT