‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections
Researchers warn that a bug in AMD’s chips would allow attackers to root into some of the most privileged portions of a computer—and that it has persisted in the company’s processors for decades...
GHSA-28MC-G557-92M7 @75lb/deep-merge Prototype Pollution vulnerability
Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via merge methods of lodash to merge objects...
@75lb/deep-merge Prototype Pollution vulnerability
Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via merge methods of lodash to merge objects...
CVE-2024-38983
Prototype Pollution in alykoshin mini-deep-assign v0.0.8 allows an attacker to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the assign method at /lib/index.js:91...
CVE-2024-38986
Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via merge methods of lodash to merge objects...
CVE-2024-38986
CVE-2024-38986 affects 75lb deep-merge 1.1.1. A prototype-pollution flaw in lodash merge methods could allow an attacker to alter Object.prototype and potentially execute arbitrary code or cause a Denial of Service (DoS). The connected documents consistently describe Prototype Pollution in 75lb de...
CVE-2024-38983
CVE-2024-38983 affects the JavaScript library mini-deep-assign v0.0.8, where the prototype pollution arises from the internal _assign() at /lib/index.js:91. This enables an attacker to execute arbitrary code or cause a Denial of Service (DoS) and other impacts as described in multiple connected s...
mini-deep-assign security vulnerability
mini-deep-assign is a library by Alexander Personal Developer. A security vulnerability exists in mini-deep-assign version v0.0.8. An attacker can exploit this vulnerability to execute arbitrary code or cause a denial of service and other impact via the assign method at /lib/index.js:91...
PT-2024-28300 · Unknown · Mini-Deep-Assign
Name of the Vulnerable Software and Affected Versions: mini-deep-assign version 0.0.8. Description: The issue allows an attacker to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the assign method. This method is located at /lib/index.js:91. Recommendations: Fo...
PT-2024-28302 · Lodash +1 · Lodash +1
Name of the Vulnerable Software and Affected Versions: 75lb deep-merge version 1.1.1. Description: The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and have other impacts via merge methods of lodash to merge objects. This is due to Prototype Pollution in the...
New Chrome Feature Scans Password-Protected Files for Malicious Content
Google said it's adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web browser. "We have replaced our previous warning messages with more detailed ones that convey more nuance about the nature of the danger and can help users make more informe...
CVE-2024-35198 TorchServe bypass allowed_urls configuration
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe's check on the allowed_urls configuration can be bypassed if the URL contains characters such as ".." but it does not prevent the model from being downloaded into the model store. Once a fi...
CVE-2024-35199 TorchServe gRPC Port Exposure
TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In affected versions the two gRPC ports, 7070 and 7071, are not bound to localhost by default, so when TorchServe is launched, these two interfaces are bound to all interfaces. Customers using PyTor...