Hackerone

All CVEs

154 total · sorted by risk
  • CVE-2017-16088 · Critical · Jun 7, 2018
    risk 0.00 · cvss 10.0 · epss 0.03

    The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox.

  • CVE-2017-16038 · High · Jun 4, 2018
    risk 0.00 · cvss 7.5 · epss 0.03

    `f2e-server` 1.12.11 and earlier is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. This is compounded by `f2e-server` requiring elevated privileges to run.

  • CVE-2017-16022 · Medium · Jun 4, 2018
    risk 0.00 · cvss 6.1 · epss 0.01

    Morris.js creates an SVG graph, with labels that appear when hovering over a point. The hovering label names are not escaped in versions 0.5.0 and earlier. If control over the labels is obtained, script can be injected. The script will run on the client side whenever that…

  • CVE-2017-16014 · High · Jun 4, 2018
    risk 0.00 · cvss 7.5 · epss 0.02

    Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service.
