2348 matches found
DEBIAN-CVE-2020-23226
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Cacti 1.2.12 in (1) reportsadmin.php, (2) dataqueries.php, (3) datainput.php, (4) graphtemplates.php, (5) graphs.php, (6) reportsadmin.php, and (7) datainput.php...
CVE-2020-23226
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Cacti 1.2.12 in (1) reportsadmin.php, (2) dataqueries.php, (3) datainput.php, (4) graphtemplates.php, (5) graphs.php, (6) reportsadmin.php, and (7) datainput.php...
InkySquid State Actor Exploiting Known IE Bugs
The InkySquid advanced persistent threat (APT) group, which researchers have linked to the North Korean government, was caught launching watering hole attacks against a South Korean newspaper using known Internet Explorer vulnerabilities. New analysis from Volexity reported its team of researchers...
Centreon OS Command Injection Vulnerability
Centreon, a free and open source IT and application monitoring software, is vulnerable to an OS command injection vulnerability in /graphStatus/displayServiceStatus.php in Centreon version 19.10.8. A remote attacker can exploit this vulnerability to execute arbitrary OS commands via shell...
How to get Antivirus-related Data from Microsoft Defender for Endpoint using Intune and Graph API
Hello everyone! In this episode, I would like to tell you how I tried to automatically get antivirus-related data (current status, engine and signature version, last full scan date) from Microsoft Defender for Endpoint using Microsoft Intune and the Graph API. Why is this necessary? You might assum...
CVE-2021-28842
Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP2KAC 1.11B03, and TEW-825DAP 1.11B03, which could let a remote malicious user cause a denial of service by sending the POST request to applycgi via action dographauth without loginname key...
Prototype Pollution
open-graph is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype...
Unspecified vulnerability in node-open-graph
node-open-graph is the open source Node.js implementation of Open Graph. node-open-graph versions prior to 0.2.6 have a security vulnerability that an attacker could exploit by using a __proto__ or constructor payload to trick the function parse into adding or modifying properties of Object.prototype...
Huawei EulerOS: Security Advisory for graphviz (EulerOS-SA-2021-2296)
The remote host is missing an update for the Huawei EulerOS...
CVE-2021-23419
This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload...
CVE-2021-23419
This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload...
Design/Logic Flaw
This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload...
CVE-2021-23419
Open-Graph (node-open-graph) prior to 0.2.6 is vulnerable to prototype pollution via the parse function, which can be tricked into adding or modifying properties on Object.prototype using a __proto__ or constructor payload. This can lead to unintended behavior or security issues. Remediation: upgrade...
CVE-2021-23419 Prototype Pollution
This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload...
CVE-2021-23419
This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload...
node-open-graph Security Vulnerability
node-open-graph is the open source Node.js implementation of Open Graph. node-open-graph versions prior to 0.2.6 have a security vulnerability that an attacker could exploit by using a __proto__ or constructor payload to trick the function parse into adding or modifying properties of Object.prototype...
PT-2021-15507 · Unknown · Open-Graph
Name of the Vulnerable Software and Affected Versions: open-graph versions prior to 0.2.6 Description: The issue affects the parse function, which can be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload. This could potentially lead to unintended...
silverscreen (>=0.1.0 <=0.1.2) potentially affected by CVE-2021-23419 via open-graph (=0.1.7)
open-graph NPM version =0.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on open-graph and may be impacted: - silverscreen =0.1.0, =0.1.2 Source cves: CVE-2021-23419 Source advisory: SNYK:JS-OPENGRAPH-1536747...
Prototype Pollution
Overview open-graph is an Open Graph implementation for Node.js. Affected versions of this package are vulnerable to Prototype Pollution. The function parse could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload. PoC by Snyk // server.js cons...
Neo4j has unspecified vulnerabilities
Neo4j is a Java-based and fully ACID-compatible graph database from Neo4j, which supports data migration, add-ons, etc. A security vulnerability exists in Neo4j Graph Database versions 4.2 and 4.3, which stems from a failure to reset the security environment during certain transaction operations ...