Vulnerabilities in HackerOne

470 results
CVE-2018-3733
crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a mal
EPSS 2.2%

CVE-2016-10663
wixtoolset is a Node module wrapper around the wixtoolset binaries wixtoolset downloads binary resources over HTTP, which leaves it vulnerab
EPSS 2.2%

CVE-2016-10665
herbivore is a packet sniffing and crafting library. Built on libtins herbivore 0.0.3 and below download binary resources over HTTP, which l
EPSS 2.2%

CVE-2018-3745
atob 2.0.3 and earlier allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below.
EPSS 2.2%

CVE-2015-9241
Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. Instead of s
EPSS 2.1%

CVE-2018-3719
mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious use
EPSS 2.1%

CVE-2016-10642
cmake installs the cmake x86 linux binaries. cmake downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may
EPSS 2.1%

CVE-2016-10573
baryton-saxophone is a module to install and launch Selenium Server for Mac, Linux and Windows. baryton-saxophone versions below 3.0.1 downl
EPSS 2.1%

CVE-2016-10624
selenium-chromedriver is a simple utility for downloading the Selenium Webdriver for Google Chrome selenium-chromedriver downloads binary re
EPSS 2.1%

CVE-2016-10649
frames-compiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code ex
EPSS 2.1%

CVE-2016-10604
dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulne
EPSS 2.1%

CVE-2016-10628
selenium-wrapper is a selenium server wrapper, including installation and chrome webdriver. selenium-wrapper downloads binary resources over
EPSS 2.1%

CVE-2016-10600
webrtc-native uses WebRTC from chromium project. webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM atta
EPSS 2.1%

CVE-2016-10686
fis-sass-all is another libsass wrapper for node. fis-sass-all downloads binary resources over HTTP, which leaves it vulnerable to MITM atta
EPSS 2.1%

CVE-2016-10694
alto-saxophone is a module to install and launch Chromedriver for Mac, Linux or Windows. alto-saxophone versions below 2.25.1 download binar
EPSS 2.1%

CVE-2015-9242
Certain input strings when passed to new Date() or Date.parse() in ecstatic node module before 1.4.0 will cause v8 to raise an exception. Th
EPSS 2.1%

CVE-2016-10584
dalek-browser-chrome-canary provides Google Chrome bindings for DalekJS. dalek-browser-chrome-canary downloads binary resources over HTTP, w
EPSS 2.1%

CVE-2017-16138
The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted use
EPSS 2.1%

CVE-2018-3725
hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read conte
EPSS 2.0%

CVE-2018-3730
mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to rea
EPSS 2.0%