CLSA-2026-1779535502 unbound: Fix of CVE-2026-33278

CVE-2026-33278: possible remote code execution during DNSSEC validation via a dangling rrsets pointer in dnsmsgdeepcopyregion exposed by the backported KeyTrap mitigation...

CLSA-2026-1779533909 unbound: Fix of 3 CVEs

CVE-2026-33278: dangling pointer dereference in dnsmsgdeepcopyregion during DS sub-query suspend/resume; the previously-backported CVE-2023-50387-CVE-2023-50868.patch dragged the vulnerable 'res-rep = origin-rep;' struct-assignment into our 1.16.2 tree. Save the destination rrsets pointer,...

CLSA-2026-1779467733 unbound: Fix of CVE-2026-33278

CVE-2026-33278: fix dangling pointer use-after-free in dnsmsgdeepcopyregion...

EUVD-2020-0349

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2020-5258

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In affected versions of dojo NPM package, the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properti...

GHSA-HJWQ-MJWJ-4X6C @intlify/shared Prototype Pollution vulnerability

Vulnerability type: Prototype Pollution Affected Package: Product: @intlify/shared Version: 10.0.4 Vulnerability Locations: nodemodules/@intlify/shared/dist/shared.cjs:232:26 Description: The latest version of @intlify/shared 10.0.4 is vulnerable to Prototype Pollution through the entry functions...

PT-2024-35459 · Unknown · @Intlify/Shared

Name of the Vulnerable Software and Affected Versions: @intlify/shared versions 10.0.4 Description: The issue is related to Prototype Pollution through the entry functions lib.deepCopy. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the glob...

Shared 安全漏洞

Shared is a library by Kevin Jones, a personal developer. Shared has a security vulnerability that stems from the entry function lib.deepCopy being vulnerable to prototype contamination...

xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation

A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo and ProcXkbGetDeviceInfo to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs...

Google Firebase Js Sdk 安全漏洞

Google Firebase Js Sdk is a client-side code base for connecting to the Firebase backend service from Google. firebase/util versions prior to 0.3.4 contain a prototype contamination vulnerability that originates from the deepExtend function in DeepCopy.ts. An attacker could exploit this...

Prototype Pollution

Overview @firebase/util is a wrapper of some Webchannel Features for the Firebase JS SDK. Affected versions of this package are vulnerable to Prototype Pollution. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker...

CVE-2020-5258

In affected versions of dojo NPM package, the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or...

Prototype Pollution

dojo causes prototype pollution. The vulnerability exists as it allows the value proto to be passed through the deepCopy method...

CVE-2020-5258

In affected versions of dojo NPM package, the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or...

DEBIAN-CVE-2020-5258

In affected versions of dojo NPM package, the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or...

CVE-2020-5258

In affected versions of dojo NPM package, the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or...

UBUNTU-CVE-2020-5258

In affected versions of dojo NPM package, the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or...

Prototype pollution in dojo

In affected versions of dojo NPM package, the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or...

GHSA-JXFH-8WGV-VFR2 Prototype pollution in dojo

In affected versions of dojo NPM package, the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or...

Prototype Pollution

Overview dojo is a foundation package for the Dojo 1 Toolkit. While still being maintained, new development is primarily focused on modern Dojo. Affected versions of this package are vulnerable to Prototype Pollution. The deepCopy method within dojo could be tricked into adding or modifying...