Vendor CVEs
Hackerone
All CVEs
154 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-16088 | | Cri | 0.00 | 10.0 | 0.03 | | Jun 7, 2018 | The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox. |
| CVE-2017-16038 | | Hig | 0.00 | 7.5 | 0.03 | | Jun 4, 2018 | `f2e-server` 1.12.11 and earlier is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. This is compounded by `f2e-server` requiring elevated privileges to run. |
| CVE-2017-16022 | | Med | 0.00 | 6.1 | 0.01 | | Jun 4, 2018 | Morris.js creates an svg graph, with labels that appear when hovering over a point. The hovering label names are not escaped in versions 0.5.0 and earlier. If control over the labels is obtained, script can be injected. The script will run on the client side whenever that… |
| CVE-2017-16014 | | Hig | 0.00 | 7.5 | 0.02 | | Jun 4, 2018 | Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service. |