- Vendor: Hackerone
- Products: 40
- CVEs: 44
- Across products: 44
- Status: Private
Recent CVEs (44)

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-0903 | Cri | 0.57 | 9.8 | 0.06 | | Oct 11, 2017 | RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution. |
| CVE-2017-0899 | Cri | 0.57 | 9.8 | 0.07 | | Aug 31, 2017 | RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences. |
| CVE-2017-0902 | Hig | 0.46 | 8.1 | 0.05 | | Aug 31, 2017 | RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls. |
| CVE-2017-0901 | Hig | 0.46 | 7.5 | 0.19 | | Aug 31, 2017 | RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. |
| CVE-2018-3726 | | 0.00 | — | 0.00 | | Jun 7, 2018 | crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names. |
| CVE-2017-16064 | | 0.00 | — | 0.00 | | Jun 7, 2018 | node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16081 | | 0.00 | — | 0.00 | | Jun 7, 2018 | cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16145 | | 0.00 | — | 0.01 | | Jun 7, 2018 | sspa is a server dedicated to single-page apps. sspa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16177 | | 0.00 | — | 0.01 | | Jun 7, 2018 | chatbyvista is a file server. chatbyvista is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16088 | | 0.00 | — | 0.02 | | Jun 7, 2018 | The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox. |
| CVE-2017-16219 | | 0.00 | — | 0.01 | | Jun 7, 2018 | yttivy is a static file server. yttivy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16071 | | 0.00 | — | 0.00 | | Jun 7, 2018 | nodemailer-js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16063 | | 0.00 | — | 0.00 | | Jun 7, 2018 | node-opensl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. |
| CVE-2017-16108 | | 0.00 | — | 0.01 | | Jun 7, 2018 | gaoxiaotingtingting is an HTTP server. gaoxiaotingtingting is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16150 | | 0.00 | — | 0.01 | | Jun 7, 2018 | wanggoujing123 is a simple webserver. wanggoujing123 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16113 | | 0.00 | — | 0.00 | | Jun 7, 2018 | The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed. |
| CVE-2017-16130 | | 0.00 | — | 0.01 | | Jun 7, 2018 | exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide. exxxxxxxxxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Accessible files are restricted to those with a file extension. Files with no extension such as /etc/passwd throw an error. |
| CVE-2017-16155 | | 0.00 | — | 0.01 | | Jun 7, 2018 | fast-http-cli is the command line interface for fast-http, a simple web server. fast-http-cli is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16132 | | 0.00 | — | 0.01 | | Jun 7, 2018 | simple-npm-registry is a local npm package cache. simple-npm-registry is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |
| CVE-2017-16217 | | 0.00 | — | 0.01 | | Jun 7, 2018 | fbr-client sends files through sockets via socket.io and webRTC. fbr-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. |