CVE-2021-32299

An issue was discovered in pbrt through 20200627. A stack-buffer-overflow exists in the function pbrt::ParamSet::ParamSet located in paramset.h. It allows an attacker to cause code Execution...

The vulnerability of the VDasher constructor in the Lottie playback library, related to data type conversion errors, allows attackers to access confidential data.

The vulnerability of the VDasher compiler’s Lottie animation playback library Rlottie is related to data type conversion errors. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data through a malicious animated sticker...

cumulativePower check should be inclusive

Handle pauliax Vulnerability details Impact Based on my understanding cumulativePower checks should be inclusive to indicate when the threshold is met. Otherwise, there might be impossible to reach it in certain cases e.g. when 100% power is required. Replace '' with '=' in constructor and functi...

GHSA-VJMG-PC8H-P6P8 Out of bounds read in fltk

An issue was discovered in the fltk crate before 0.15.3 for Rust. There is an out-of bounds read because the pixmap constructor lacks pixmap input validation...

Out of bounds read in fltk

An issue was discovered in the fltk crate before 0.15.3 for Rust. There is an out-of bounds read because the pixmap constructor lacks pixmap input validation...

CVE-2020-21066

An issue was discovered in Bento4 v1.5.1.0. There is a heap-buffer-overflow in AP4Dec3Atom::AP4Dec3Atom at Ap4Dec3Atom.cpp, leading to a denial of service program crash, as demonstrated by mp42aac...

CVE-2021-23419 Prototype Pollution

This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a proto or constructor payload...

PT-2021-15507 · Unknown · Open-Graph

Name of the Vulnerable Software and Affected Versions: open-graph versions prior to 0.2.6 Description: The issue affects the parse function, which can be tricked into adding or modifying properties of Object.prototype using a proto or constructor payload. This could potentially lead to unintended...

CVE-2021-23408

This affects the package com.graphhopper:graphhopper-web-bundle before 3.2, from 4.0-pre1 and before 4.0. The URL parser could be tricked into adding or modifying properties of Object.prototype using a constructor or proto payload...

Design/Logic Flaw

This affects the package com.graphhopper:graphhopper-web-bundle before 3.2, from 4.0-pre1 and before 4.0. The URL parser could be tricked into adding or modifying properties of Object.prototype using a constructor or proto payload...

CVE-2021-23408 Prototype Pollution

This affects the package com.graphhopper:graphhopper-web-bundle before 3.2, from 4.0-pre1 and before 4.0. The URL parser could be tricked into adding or modifying properties of Object.prototype using a constructor or proto payload...

Prototype Pollution

Overview com.graphhopper:graphhopper-web-bundle is a GraphHopper routing engine as a web-service Affected versions of this package are vulnerable to Prototype Pollution. The URL parser could be tricked into adding or modifying properties of Object.prototype using a constructor or proto payload. P...

Lending Pair initialize function can be front run.

Handle jonah1005 Vulnerability details Impact LendingPair does not initialize tokenMaster, controller, tokens. A hacker can listen the deployer address and front run the initialize transaction. The initialized contract would look almost exactly the same if the hacker only replace lpTokenMaster wi...

No support for token with decimals > 18

Handle s1m0 Vulnerability details Impact The smart contract doesn't behave correctly if deployed with token that have decimals 18. Proof of Concept The functions tokenToWad and wadToToken revert if the tokenDecimals is 18. These functions are called in critical places like deposit and withdraw...

Constructor.Win32.Bifrose.asc Buffer Overflow / Heap Corruption

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9e1ef166901534c276b5eeeee511fe22.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Constructor.Win32.Bifrose.asc Vulnerability: Local Stack Buffer Overflow Heap Corruption Description...

Prototype Pollution

nedb is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...

CVE-2021-23395

This affects all versions of package nedb. The library could be tricked into adding or modifying properties of Object.prototype using a proto or constructor.prototype payload...

PT-2021-15488 · Nedb · Nedb

Name of the Vulnerable Software and Affected Versions: nedb versions all Description: The library could be tricked into adding or modifying properties of Object.prototype using a proto or constructor.prototype payload. This issue affects all versions of the package. Recommendations: For all...

Prototype Pollution

set-getter is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...

CVE-2021-30180

Apache Dubbo prior to 2.7.9 support Tag routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these YAML rules, Dubbo customers may enable calling arbitrary...