
188 matches found

SUSE CVE
added 2023/02/15 3:36 a.m. · 2 views

SUSE CVE-2021-45931

HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set, called from hb_sparseset_t::set and hb_set_copy...

CVSS 6.5 · AI score 7.2 · EPSS 0.00769
Exploits: 1 · References: 3
Veracode
added 2023/01/12 3:50 a.m. · 8 views

Prototype Pollution

convict is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes via the set function in main.js and modify attributes such as __proto__, constructor, and other prototype base objects...

AI score 4.5
Exploits: 0
Snyk
added 2023/01/10 3:22 p.m. · 1 views

Prototype Pollution

Overview: dot-lens is a Simple, compiled dot lenses. Affected versions of this package are vulnerable to Prototype Pollution via the set function in index.js file. PoC: var dot = require"dot-lens" console.log"before:"+.test dot.set"proto.test","123" console.log"after:"+.test Details: Prototype...

CVSS 7.5 · AI score 8 · EPSS 0.00315
Exploits: 1 · References: 2
Cvelist
added 2022/12/26 7:9 a.m. · 18 views

CVE-2022-4742 json-pointer index.js set prototype pollution

A vulnerability, which was classified as critical, has been found in json-pointer up to 0.6.1. Affected by this issue is the function set of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. The attack may be...

CVSS 6.5 · AI score 9.7 · EPSS 0.00103
Exploits: 0 · References: 4
Positive Technologies
added 2022/12/16 12:0 a.m. · 2 views

PT-2022-14798 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel. Description: The issue is related to a logic error in the code of ppmpu_set in ppmpu.c, which could lead to local information disclosure without requiring additional execution privileges. User interaction is not necessary for...

CVSS 5.5 · AI score 5.2 · EPSS 0.00049
Exploits: 0 · References: 4
Vulnrichment
added 2022/11/19 12:0 a.m. · 4 views

CVE-2022-4064 Dalli Meta Protocol request_formatter.rb self.meta_set injection

A vulnerability was found in Dalli up to 3.2.2. It has been classified as problematic. Affected is the function self.meta_set of the file lib/dalli/protocol/meta/request_formatter.rb of the component Meta Protocol Handler. The manipulation of the argument cas/ttl leads to injection. It is possible ...

CVSS 6.3 · AI score 7.7 · EPSS 0.00317
Exploits: 1 · References: 7
OSV
added 2022/10/12 7:15 p.m. · 2 views

CVE-2022-42078

Tenda AC1206 USAC1206V1.0RTLV15.03.06.23multiTD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet...

CVSS 6.5 · AI score 5.8 · EPSS 0.00101
Exploits: 1 · References: 1
CNNVD
added 2022/10/07 12:0 a.m. · 2 views

SAMSUNG Mobile devices resource management error vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices SMR Oct-2022 Release 1, which stems from a use-after-free vulnerability in the setnftpid and...

CVSS 5.3 · AI score 5.8 · EPSS 0.0002
Exploits: 0 · References: 2
CNNVD
added 2022/08/17 12:0 a.m. · 2 views

GPAC code issue vulnerability

GPAC is an open source multimedia framework. A security vulnerability exists in GPAC 2.1-DEV-revUNKNOWN-master, which results in a denial of service due to a null pointer dereference in the gf_filter_pid_set_property_full function in its filter_core/filter_pid.c:5250 component...

CVSS 7.5 · AI score 7.5 · EPSS 0.00304
Exploits: 1 · References: 2
Veracode
added 2022/07/18 9:6 a.m. · 24 views

Deserialization Of Untrusted Data

Jackson Databind is vulnerable to deserialization of untrusted data. The vulnerability exists in Set function in SubTypeValidator.java when handling interactions related to class ignite-jta, which allows an attacker to inject and execute malicious code...

CVSS 8.1 · AI score 8.7 · EPSS 0.08792
Exploits: 1 · References: 10 · Affected Software: 1
OSV
added 2022/07/01 6:15 p.m. · 2 views

CVE-2022-32040

Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm...

CVSS 7.5 · AI score 5.9 · EPSS 0.00354
Exploits: 1 · References: 1
Veracode
added 2022/05/17 4:18 a.m. · 18 views

Prototype Pollution

sds is vulnerable to prototype pollution. The vulnerability exists due to an incomplete fix of CVE-2020-7618, where an injection of attributes can pollute the properties of the Object.prototype by the attacker using the set function in js/set.js,...

CVSS 7.5 · AI score 6 · EPSS 0.00318
Exploits: 2 · References: 2 · Affected Software: 1
OSV
added 2022/05/14 12:1 a.m. · 0 views

GHSA-PH28-WWFJ-FV7F Prototype Pollution in sds

This affects the package sds from 0.0.0. The library could be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. Note: This vulnerability derives from an incomplete fix to CVE-2020-7618...

CVSS 7.5 · AI score 6.4 · EPSS 0.00318
Exploits: 2 · References: 5
Github Security Blog
added 2022/05/14 12:1 a.m. · 27 views

Prototype Pollution in sds

This affects the package sds from 0.0.0. The library could be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. Note: This vulnerability derives from an incomplete fix to CVE-2020-7618...

CVSS 7.5 · AI score 3.1 · EPSS 0.0023
Exploits: 1 · References: 5 · Affected Software: 1
OSV
added 2022/05/13 8:15 p.m. · 1 views

CVE-2022-25862

This affects the package sds from 0.0.0. The library could be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. Note: This vulnerability derives from an incomplete fix to CVE-2020-7618...

CVSS 7.5 · AI score 5.8 · EPSS 0.0023
Exploits: 1 · References: 2
Prion
added 2022/05/13 8:15 p.m. · 17 views

Design/Logic Flaw

This affects the package sds from 0.0.0. The library could be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. Note: This vulnerability derives from an incomplete fix to CVE-2020-7618...

CVSS 5 · AI score 5.7 · EPSS 0.00318
Exploits: 2 · References: 2
ATTACKERKB
added 2022/05/13 8:0 p.m. · 2 views

CVE-2022-25862

This affects the package sds from 0.0.0. The library could be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. Note: This vulnerability derives from an incomplete fix to CVE-2020-7618...

CVSS 7.5 · AI score 6.4 · EPSS 0.00318
Exploits: 2 · References: 3
CNNVD
added 2022/05/13 12:0 a.m. · 1 views

sds security vulnerability

sds is a structured data search package. A security vulnerability exists in sds version 0.0.0 and later, which originates from a misuse of the set function located in js/set.js, where the library could be tricked into adding or modifying properties of Object.prototype...

CVSS 7.5 · AI score 7.3 · EPSS 0.0023
Exploits: 1 · References: 3
CNVD
added 2022/04/15 12:0 a.m. · 39 views

nconf has unspecified vulnerabilities

nconf is a TOML-formatted plugin. nconf versions prior to 0.11.4 have a security vulnerability that stems from the .set function, which is responsible for setting configuration properties, being vulnerable to prototype contamination, which can be exploited by attackers to override JavaScript...

CVSS 7.5 · AI score 3.3 · EPSS 0.00636
Exploits: 1 · References: 1
OSV
added 2022/04/13 12:0 a.m. · 5 views

GHSA-6XWR-Q98W-RVG7 Prototype Pollution in nconf

nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set function, that is responsible for setting the configuration properties, is vulnerable to Prototype Pollution. By providing a crafted property, it is possible to...

CVSS 7.3 · AI score 7.2 · EPSS 0.00636
Exploits: 1 · References: 5