17 matches found
Exploit for Prototype Pollution in Datatables Datatables.Net
CVE-2020-28458 Affected versions of this package are vulnerabl...
Security Bulletin: A Prototype Pollution vulnerability in jquery.dataTables affects IBM Tivoli Network Manager IP Edition (ITNM) (CVE-2020-28458)
Summary A Prototype Pollution vulnerability in jquery.dataTables was addressed in ITNM version 4.2 Fix Pack 23 4.2.0.23 Vulnerability Details CVEID:CVE-2020-28458 DESCRIPTION: All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for...
CBL Mariner 2.0 Security Update: reaper (CVE-2020-28458)
The version of reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-28458 advisory. - All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for...
Tenable Nessus < 10.3.1 Multiple Vulnerabilities (TNS-2022-20)
Tenable Nessus is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tenable:nessus"; ifdescripti...
Security Bulletin: Vulnerabilities in Apache and Node.js affect IBM Spectrum Protect Plus
Summary Vulnerabilities in Apache and Node.js such as execution of arbitrary code on the system, cross -site scripting, and bypassing security restrictions, may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2020-28458 DESCRIPTION: Node.js datatables.net module could allow a...
RHEL 8 : RHV Manager (ovirt-engine) 4.4.z [ovirt-4.4.5] security, (Moderate) (RHSA-2021:1169)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1169 advisory. The ovirt-engine package provides the manager for virtualization environments. This manager enables admins to define hosts and networks, as...
RHEL 8 : RHV Manager (ovirt-engine) 4.4.z [ovirt-4.4.5] 0-day security, enhance (Moderate) (RHSA-2021:1186)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1186 advisory. The ovirt-engine package provides the manager for virtualization environments. This manager enables admins to define hosts and networks, as...
Moderate: Red Hat Security Advisory: RHV Manager (ovirt-engine) 4.4.z [ovirt-4.4.5] security, bug fix, enhancement
An update is now available for Red Hat Virtualization Engine 4.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Moderate: Red Hat Security Advisory: RHV Manager (ovirt-engine) 4.4.z [ovirt-4.4.5] 0-day security, bug fix, enhance
An update for org.ovirt.engine-root, ovirt-engine-ui-extensions, and ovirt-web-ui is now available for Red Hat Virtualization Engine 4.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...
Moderate: Red Hat Security Advisory: RHV RHEL Host (ovirt-host) 4.4.z [ovirt-4.4.5] security, bug fix, enhancement
Updated host packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RHEL 8 : RHV Host (ovirt-host) 4.4.z security, (Moderate) (RHSA-2021:1184)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:1184 advisory. The ovirt-hosted-engine-setup package provides a self-hosted engine tool for the Red Hat Virtualization Manager. A self-hosted engine is a virtualize...
@coreui/coreui-datatables (=1.0.0), @daai/sb-decloud (>=1.0.0 <=1.0.11) +38 more potentially affected by CVE-2020-28458 via datatables.net (>=1.10.12 <=1.10.21)
datatables.net NPM version =1.10.12, =1.0.0, =1.0.0, =3.0.0, =1.1.1, =0.0.1, =1.0.2, =1.0.0, =1.0.0, =0.0.0, =0.1.56, =0.2.151 and more Source cves: CVE-2020-28458 Source advisory: OSV:GHSA-M7J4-FHG6-XF5V...
CVE-2020-28458
All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806...
CVE-2020-28458
creationtimestamp| type| source ---|---|--- 2020-12-16 15:25:18+00:00| seen| https://t.me/cibsecurity/20904 2025-12-04 15:00:08+00:00| published-proof-of-concept| Telegram/p1kctDWMPjRH9UHDphPObPnl4Jga04s8GRgza3noeTXcn4...
CVE-2020-28458
CVE-2020-28458 affects datatables.net across all versions due to an incomplete fix enabling Prototype Pollution. Public references indicate a direct exploit surface (prototype pollution) via the datatables.net package, with exploit scripts available targeting vulnerable versions (e.g., datatables...
@coreui/coreui-datatables (=1.0.0), @daai/sb-decloud (>=1.0.0 <=1.0.11) +38 more potentially affected by CVE-2020-28458 via datatables.net (>=1.10.12 <=1.10.22)
datatables.net NPM version =1.10.12, =1.0.0, =1.0.0, =3.0.0, =1.1.1, =0.0.1, =1.0.2, =1.0.0, =1.0.0, =0.0.0, =0.1.56, =0.2.151 and more Source cves: CVE-2020-28458 Source advisory: SNYK:JS-DATATABLESNET-1016402...
JavaScript Prototype Pollution (CVE-2020-28269; CVE-2020-28272; CVE-2020-28273; CVE-2020-28442; CVE-2020-28458; CVE-2020-28472; CVE-2020-7778; CVE-2020-8158; CVE-2020-8203; CVE-2021-25912; CVE-2021-44906)
The JavaScript proto property object exposes the internal Prototype to an attack. A remote attacker can exploit this vulnerability by modifying the exposed prototype's property of an object. Successful exploitation of this vulnerability could result in run arbitrary code on the victim machine...