Prototype Pollution

adolphdudu/ratio-swiper is vulnerable to Prototype Pollution. The vulnerability is due to by passing crafted arguments with the proto property using functions like extendDefaults and parse. The vulnerability allows attackers to alter the behavior of all objects inheriting from the affected...

Prototype Pollution

@cat5th/key-serializer is vulnerable to Prototype Pollution. The vulnerability is due to passing crafted arguments with the proto property using functions like query, set, default.query, and default.set. The vulnerability allows attackers to alter the behavior of all objects inheriting from the...

Prototype Pollution

@jsonic/jsonic-next is vulnerable to Prototype Pollution. The vulnerability is due to several functions including empty, util.clone, util.prop, util.deep, and make, which can be exploited by passing crafted arguments with the proto property. This allows attackers to alter the behavior of all...

SUSE CVE-2009-3889

The dbglvl file for the megaraidsas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the 1 behavior and 2 logging level of the driver by modifying this file...

CVE-2020-28015

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

Code injection

Configuration of SPI Flash in platforms based on multiple Intel platforms allow a local attacker to alter the behavior of the SPI flash potentially leading to a Denial of Service...