2432 matches found
CVE-2022-23119
A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security...
moleculer-rabbitmq-extend-delay (=1.1.12) potentially affected by CVE-2020-7715 +1 more via deep-get-set (=1.1.1)
deep-get-set NPM version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on deep-get-set and may be impacted: - moleculer-rabbitmq-extend-delay =1.1.12 Source cves: CVE-2020-7715, CVE-2022-21231 Source advisory: SNYK:JS-DEEPGETSET-2342655...
Prototype Pollution
Overview deep-get-set is a Set and get values on objects via dot-notation strings. Affected versions of this package are vulnerable to Prototype Pollution via the 'deep' function. Note: This vulnerability derives from an incomplete fix of CVE-2020-7715 POC: js let deep = require'deep-get-set';...
CVE-2022-22157
A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep Packet Inspection JDPI rules and access unauthorized networks or resources, when 'no-syn-check' is enabled on the device. JDPI incorrectly classifie...
CVE-2022-22167
A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep Packet Inspection JDPI rules and access unauthorized networks or resources, when 'no-syn-check' is enabled on the device. While JDPI correctly...
CVE-2022-22157
A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep Packet Inspection JDPI rules and access unauthorized networks or resources, when 'no-syn-check' is enabled on the device. JDPI incorrectly classifie...
Design/Logic Flaw
A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep Packet Inspection JDPI rules and access unauthorized networks or resources, when 'no-syn-check' is enabled on the device. While JDPI correctly...
Trend Micro Deep Security 路径遍历漏洞
Trend Micro Deep Security is an intelligent data protection solution from Trend Micro. A path traversal vulnerability exists in the Trend Micro Deep Security Agent, which stems from an input validation error when handling directory traversal sequences. An attacker could exploit this vulnerability...
Trend Micro Deep Security 代码注入漏洞
Trend Micro Deep Security is a suite of intelligent data protection solutions from Trend Micro. A code injection vulnerability exists in the Trend Micro Deep Security Agent that stems from an input validation error when handling directory traversal sequences. An attacker could use this...
PT-2022-6704 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS on SRX Series versions 18.4 through 18.4R2-S8 Juniper Networks Junos OS on SRX Series versions 18.4R3 through 18.4R3-S8 Juniper Networks Junos OS on SRX Series versions 19.1 through 19.1R2-S2 Juniper Networks Junos O...
Security Bulletin: Vulnerability exists in Watson Explorer (CVE-2021-22096)
Summary Security vulnerability in Spring Framework affects IBM Watson Explorer. IBM Watson Explorer has addressed the vulnerability. Vulnerability Details CVEID: CVE-2021-22096 DESCRIPTION: VMware Spring Framework could allow a remote attacker to bypass security restrictions. By sending a...
Vulnerabilities fixed Juniper Junos OS
Juniper has fixed several vulnerabilities in Junos OS. The vulnerabilities allow a malicious party to carry out attacks execute attacks that lead to the following categories of damage: Denial-of-Service DoS. Circumvention of security measure Spoofing Increased user privileges Because these are...
CVE-2022-22157
A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep Packet Inspection JDPI rules and access unauthorized networks or resources, when 'no-syn-check' is enabled on the device. JDPI incorrectly classifie...
Juniper Networks Junos OS 安全特征问题漏洞
Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. A security signature issue vulnerability exists in Juniper Networks Junos OS due to a traffic classification...
Juniper Networks Junos OS 安全特征问题漏洞
Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. A security signature issue vulnerability exists in Juniper Networks Junos OS due to traffic classification...
extend2 安全漏洞
extend2 is a simple function for extending objects. Derived from node-extend, the difference is that deep cloning overwrites the array with the original array. extend2 suffers from a security vulnerability that stems from an unsafe recursive merge...
Friday Squid Blogging: Deep-Dwelling Squid
We have discovered a squid -- Oegopsida, Magnapinnidae, Magnapinna sp. -- that lives at 6,000 meters deep. :They’re really weird," says Vecchione. "They drift along with their arms spread out and these really long, skinny, spaghetti-like extensions dangling down underneath them." Microscopic...
react-here-map-interactive (>=0.0.1 <=0.9.2) potentially affected by CVE-2021-23700 via merge-deep2 (=3.0.6)
merge-deep2 NPM version =3.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on merge-deep2 and may be impacted: - react-here-map-interactive =0.0.1, =0.9.2 Source cves: CVE-2021-23700 Source advisory: OSV:GHSA-J28Q-P8WW-CP87...
GHSA-7QM6-9V49-38M9 Prototype Pollution in record-like-deep-assign
All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality. PoC js const deepAssign = require'record-like-deep-assign'; let obj = ; console.log"Before being polluted: " + obj.polluted; EVILJSON = JSON.parse'"proto":"polluted":true'; deepAssign...
Prototype Pollution in record-like-deep-assign
All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality. PoC js const deepAssign = require'record-like-deep-assign'; let obj = ; console.log"Before being polluted: " + obj.polluted; EVILJSON = JSON.parse'"proto":"polluted":true'; deepAssign...