2434 matches found
File Download Vulnerability in Ampcom Deep Security Gateway
Ltd. is a provider of specialized core system products and security services for visual network security. A file download vulnerability exists in the Ambient Deep Security Gateway, which can be exploited by attackers to obtain sensitive information...
UBUNTU-CVE-2021-3598
There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability...
Weak Password Vulnerability in IP-COM Deep Internet Behavior Management of Shenzhen HeWeiShun Network Technology Company Limited (CNVD-2021-43952)
Shenzhen HeWeiShun Network Technology Co., Ltd. business scope includes: network products, communication products, computer software and hardware, integrated circuit technology development, etc. A weak password vulnerability exists in IP-COM Deep Internet Behavior Management. Attackers utilize t...
Weak Password Vulnerability in Ampcom Deep Security Gateway
"ABT", started in 2011, is a provider of specialized core system products and security services for visual network security, with the concept of "Seeing Security, Experiencing Value" as the core. A weak password vulnerability exists in ABT Deep Security Gateway, which can be exploited by attacker...
Prototype Pollution
Overview merge-deep before 3.0.3 can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library. Recommendation...
@byinti/inticli (>=0.1.0 <=2.1.1), @firecubez/req (=1.2.0) +72 more potentially affected by CVE-2021-26707 via merge-deep (>=0.1.5 <=3.0.2)
merge-deep NPM version =0.1.5, =0.1.0, =1.0.2, =7.0.0, =5.2.0, =6.0.1, =0.0.0, =0.1.0-beta.2, =0.22.0, =1.0.0, =0.0.1, =0.0.2, =0.0.3 and more Source cves: CVE-2021-26707 Source advisory: OSV:GHSA-R6RJ-9CH6-G264...
GHSA-R6RJ-9CH6-G264 Prototype pollution in Merge-deep
The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library...
Prototype pollution in Merge-deep
The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library...
Command Execution Vulnerability in DeepSync IPSec VPNs
DeepTrust IPSec VPN provides an all-in-one networking solution for small and medium-sized branches. A command execution vulnerability exists in the DeepSync IPSec VPN, which can be exploited by an attacker to gain control of the server...
CVE-2021-26707
The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library...
CVE-2021-26707
The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library...
Code injection
The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library...
CVE-2021-26707
The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library...
CVE-2021-26707
The CVE-2021-26707 entry covers the merge-deep library for Node.js, which is vulnerable to prototype pollution in versions before 3.0.3. A specially crafted payload can overwrite or extend Object.prototype, causing the polluted properties to be inherited by all objects in the program. Documented ...
PT-2021-17103 · Unknown · Merge-Deep
Name of the Vulnerable Software and Affected Versions: merge-deep library versions prior to 3.0.3 Description: The issue allows an attacker to trick the library into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in t...
merge-deep Security Vulnerability
merge-deep is an open source tool. It is used to recursively merge values in JavaScript objects. A security vulnerability exists in merge-deep before 3.0.3, which stems from the fact that the merge-deep library may be spoofed to override attributes of Object, the merge-deep library may be spoofe...
Akamai EAA Impersonation Vulnerability - A Deep Dive
In this post, we cover the technical details of CVE-2021-28091, the vulnerability impacting Akamai's Enterprise Application Access (EAA) platform...
CVE-2021-25944
Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution...
CVE-2021-25944
Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution...
Remote code execution
Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution...