20 matches found
CVE-2019-17426
Automattic Mongoose through 5.7.4 allows attackers to bypass access control in some applications because any query object with a _bsontype attribute is ignored. For example, adding "_bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work around...
CVE-2020-17426
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Prototype Pollution in ali-security/mongoose
Impact: This vulnerability causes a Prototype Pollution in document.js, through functions such as findByIdAndUpdate. For applications using Express and EJS, this can potentially allow remote code execution. Patches: The original patched version for mongoose 5.3.3 did not include a fix for...
GHSA-RC4V-99CR-PJCM Prototype Pollution in ali-security/mongoose
Impact: This vulnerability causes a Prototype Pollution in document.js, through functions such as findByIdAndUpdate. For applications using Express and EJS, this can potentially allow remote code execution. Patches: The original patched version for mongoose 5.3.3 did not include a fix for...
K62318311: glibc vulnerability CVE-2017-17426
Security Advisory Description: The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the...
CVE-2020-17426
CVE-2020-17426 affects Foxit Studio Photo 3.6.6.922 and earlier, where the vulnerability lies in handling CR2 files. The issue stems from insufficient validation of user-supplied data during CR2 file parsing, leading to a memory corruption condition. Exploitation requires user interaction (target...
CVE-2020-25052
An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. H-Arx allows attackers to execute arbitrary code or cause a denial of service (memory corruption) because indexes are mishandled. The Samsung ID is SVE-2020-17426 (August 2020)...
Memory corruption
An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. H-Arx allows attackers to execute arbitrary code or cause a denial of service (memory corruption) because indexes are mishandled. The Samsung ID is SVE-2020-17426 (August 2020)...
CVE-2020-25052
CVE-2020-25052 affects Samsung mobile devices running Q(10.0) on exynos9830-based hardware. The issue arises in H-Arx where indexing is mishandled, enabling memory corruption that can be leveraged to execute arbitrary code or cause a denial of service. The vulnerability is documented across multi...
01runmodel (>=1.0.3 <=1.0.4), 18a58t9c-upload (>=1.0.0 <=1.0.3) +5672 more potentially affected by CVE-2019-17426 via mongoose (>=5.0.0 <=5.7.4)
mongoose NPM version =5.0.0, =1.0.3, =1.0.0, =1.0.0, =0.20.0, =1.0.4, =1.1.0, =0.1.0, =0.3.5, =0.17.9 and more Source cves: CVE-2019-17426 Source advisory: OSV:GHSA-8687-VV9J-HGPH...
CVE-2019-17426
Automattic Mongoose up to version 5.7.4 is affected. The root cause is that a query object containing a _bsontype attribute is ignored, which can bypass access control in some applications (e.g., a query filter interference with _bsontype). The CVE covers this behavior in older versions of the bs...
CVE-2018-17426
creationtimestamp | type | source
---|---|---
2019-03-08 02:21:45+00:00 | seen | https://t.me/cibsecurity/2960...
CVE-2018-17426
WUZHI CMS 4.1.0 is affected by a stored XSS vulnerability in the Extension module, specifically the "SMS in station" field under index.php?m=core. The issue is caused by improper input handling in that field, enabling arbitrary HTML/JS injection. No exploit details or remediation are provided in ...
Fedora Update for glibc FEDORA-2018-9c88c32d15
The remote host is missing an update for the... SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 27 : glibc (2017-fb5e227432)
This update fixes minor security bugs CVE-2017-17426, CVE-2017-15804, contains single-threaded optimizations for malloc, and increases compatibility with IBM POWER 9 hardware. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...
BELL-CVE-2017-17426 CVE-2017-17426 does not affect BellSoft software
Bulletin has no description...
CVE-2017-17426
CVE-2017-17426 affects the GNU C Library (glibc/libc6) up to version 2.26. The heap overflow arises from an integer overflow check missing in the per-thread cache (tcache) path when allocating an object near SIZE_MAX, potentially allowing code execution. Exploitation details are not provided in t...