979 matches found
Design/Logic Flaw
An issue was discovered in a smart contract implementation for AIRDROPX BORN through 2019-05-29, an Ethereum token. The name of the constructor has a typo (wrong case: XBornID versus XBORNID) that allows an attacker to change the owner of the contract and obtain cryptocurrency for free...
Prototype Pollution
dset is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype...
AIRDROPX BORN Security Vulnerability
AIRDROPX BORN is an API token service from AIRDROPX BORN that can be used to convert and exchange Bitcoin with other network coins. A security vulnerability exists in AIRDROPX BORN version 2019-05-29 and earlier versions, which stems from a misspelling of the name of the constructor function in t...
Etherscan ERC20 Token Security Vulnerability
Etherscan ERC20 Token is a validation service organized by Etherscan for use in EtherCurrency services. A security vulnerability exists in the Etherscan ERC20 Token version 2019-06-05 and prior versions, which stems from a typo in the constructor that implements the smart contract. An attacker...
MORPH Token Security Vulnerability
MORPH Token is an API token service from MORPH Token that can be used to convert and exchange Bitcoin with other network coins. A security vulnerability exists in MORPH Token version 2019-06-05 and prior versions that stems from a spelling error in the constructor of an owned contract inherited b...
Type confusion
This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448...
Evangelion1204 Multi-ini Resource Management Error Vulnerability
Evangelion1204 Multi-ini is a JavaScript library for parsing INI configuration files, written by the individual developer Evangelion1204. The code base supports compatibility with the Zend file format. A security vulnerability exists in versions prior to multi-ini 2.1.2, which ste...
PT-2020-17015 · Multi-Ini · Multi-Ini
Name of the Vulnerable Software and Affected Versions: multi-ini versions prior to 2.1.2 Description: The issue allows an object's prototype to be polluted by specifying the constructor.proto object as part of an array, effectively bypassing a previous security measure. Recommendations: For...
Prototype Pollution
Overview: multi-ini is an ini-file parser which supports multi line, multiple levels and arrays to get a maximum of compatibility with Zend config files. Affected versions of this package are vulnerable to Prototype Pollution. It is possible to pollute an object's prototype by specifying the...
Prototype Pollution
ini is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype...
Prototype Pollution
Highlight.js is vulnerable to prototype pollution. The attacker is able to gain control of the value of “path” and modify attributes such as __proto__, constructor and prototype...
nodejs-dot-prop: prototype pollution
A prototype pollution flaw was found in nodejs-dot-prop. The function set could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or __proto__ paths. The highest threat from this vulnerability is to data confidentiality and integrity as well a...
CVE-2020-0438
In the AIBinderClass constructor of ibinder.cpp, there is a possible arbitrary code execution due to uninitialized data. This could lead to local escalation of privilege if a process were using libbinderndk in a vulnerable way with no additional execution privileges needed. User interaction is no...
CVE-2020-8268
Prototype pollution vulnerability in json8-merge-patch npm package 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor...
ASB-A-161812320
In the AIBinderClass constructor of ibinder.cpp, there is a possible arbitrary code execution due to uninitialized data. This could lead to local escalation of privilege if a process were using libbinderndk in a vulnerable way with no additional execution privileges needed. User interaction is no...
skia:sksl2spirv: Segv on unknown address in std::__1::unique_ptr<SkSL::Expression, std::__1::default_delete<SkSL::Expression
Project: https://skia.googlesource.com/skia.git Detailed Report: https://oss-fuzz.com/testcase?key=6198631948091392 Project: skia Fuzzing Engine: libFuzzer Fuzz Target: sksl2spirv Job Type: libfuzzerasanskia Platform Id: linux Crash Type: Segv on unknown address Crash Address: Crash State:...
Prototype Pollution
bmoor is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype via the set function...