VYPR
Vendor: Hackerone

Products: 41 | CVEs: 154 | Across products: 143 | Status: Private

Recent CVEs

  • CVE-2017-16082 | Critical | Jun 7, 2018
    risk 0.65 | cvss 9.8 | epss 0.11

    A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1) Executing unsafe, user-supplied SQL which contains a…

  • CVE-2017-16020 | Critical | Jun 4, 2018
    risk 0.64 | cvss 9.8 | epss 0.03

    Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name.

  • CVE-2015-9244 | Critical | May 29, 2018
    risk 0.64 | cvss 9.8 | epss 0.02

    Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection.

  • CVE-2017-0903 | Critical | Oct 11, 2017
    risk 0.58 | cvss 9.8 | epss 0.16

    RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.

  • CVE-2017-0899 | Critical | Aug 31, 2017
    risk 0.58 | cvss 9.8 | epss 0.11

    RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.

  • CVE-2016-10551 | Critical | May 29, 2018
    risk 0.57 | cvss 9.8 | epss 0.02

    waterline-sequel is a module that helps generate SQL statements for Waterline apps. Any user input that goes into Waterline's `like`, `contains`, `startsWith`, or `endsWith` will end up in waterline-sequel with the potential for malicious code. A malicious user can input their…

  • CVE-2017-16035 | High | Jun 4, 2018
    risk 0.53 | cvss 8.1 | epss 0.01

    The hubl-server module is a wrapper for the HubL Development Server. During installation hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are downloaded over HTTPS; however, the api.hubapi.com endpoint redirects to a HTTP…

  • CVE-2016-10696 | High | Jun 4, 2018
    risk 0.53 | cvss 8.1 | epss 0.02

    windows-latestchromedriver downloads the latest version of chromedriver.exe. windows-latestchromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested…

  • CVE-2016-10691 | High | Jun 4, 2018
    risk 0.53 | cvss 8.1 | epss 0.02

    windows-seleniumjar is a module that downloads the Selenium Jar file. windows-seleniumjar downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an…

  • CVE-2016-10689 | High | Jun 4, 2018
    risk 0.53 | cvss 8.1 | epss 0.02

    The windows-iedriver module downloads a fixed version of iedriverserver.exe. windows-iedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an…

  • CVE-2016-10687 | High | Jun 4, 2018
    risk 0.53 | cvss 8.1 | epss 0.02

    windows-selenium-chromedriver is a module that downloads the Selenium Jar file. windows-selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested…

  • CVE-2016-10678 | High | Jun 4, 2018
    risk 0.53 | cvss 8.1 | epss 0.02

    serc.js is a Selenium RC process wrapper. serc.js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is…

  • CVE-2016-10670 | High | Jun 4, 2018
    risk 0.53 | cvss 8.1 | epss 0.02

    windows-seleniumjar-mirror downloads the Selenium Jar file. windows-seleniumjar-mirror downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an…

  • CVE-2016-10669 | High | Jun 4, 2018
    risk 0.53 | cvss 8.1 | epss 0.02

    soci downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the…

  • CVE-2016-10664 | High | Jun 4, 2018
    risk 0.53 | cvss 8.1 | epss 0.02

    mystem is a Node.js wrapper for MyStem morphology text analyzer by Yandex.ru. mystem downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker…

  • CVE-2016-10662 | High | Jun 4, 2018
    risk 0.53 | cvss 8.1 | epss 0.02

    tomita is a node wrapper for Yandex Tomita Parser. tomita downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the…

  • CVE-2016-10656 | High | Jun 4, 2018
    risk 0.53 | cvss 8.1 | epss 0.02

    qbs is a build tool that helps simplify the build process for developing projects across multiple platforms. qbs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the…

  • CVE-2016-10654 | High | Jun 4, 2018
    risk 0.53 | cvss 8.1 | epss 0.01

    sfml downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

  • CVE-2016-10651 | High | Jun 4, 2018
    risk 0.53 | cvss 8.1 | epss 0.02

    webdriver-launcher is a Node.js Selenium Webdriver Launcher. webdriver-launcher downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker…

  • CVE-2016-10649 | High | Jun 4, 2018
    risk 0.53 | cvss 8.1 | epss 0.02

    frames-compiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in…