597 matches found

RedHat Linux
added 2020/11/24 10:6 a.m. · 0 views

net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged commands execution

A flaw was found in Net-SNMP through version 5.73, where an Improper Privilege Management issue occurs because SNMP WRITE access to the EXTEND MIB allows running arbitrary commands as root. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8 CVSS · 6.9 AI score · 0.00118 EPSS
Exploits: 0 · References: 4

RedHat Linux
added 2020/11/17 8:38 p.m. · 1 views

net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged commands execution

A flaw was found in Net-SNMP through version 5.73, where an Improper Privilege Management issue occurs because SNMP WRITE access to the EXTEND MIB allows running arbitrary commands as root. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8 CVSS · 6.9 AI score · 0.00118 EPSS
Exploits: 0 · References: 4

Tenable Nessus
added 2020/11/17 12:0 a.m. · 63 views

RHEL 6 : net-snmp (RHSA-2020:5129)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5129 advisory. The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible...

7.8 CVSS · 7 AI score · 0.00118 EPSS
Exploits: 0 · References: 4

RedHat Linux
added 2020/11/04 1:39 a.m. · 3 views

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

6.1 CVSS · 6.5 AI score · 0.01532 EPSS
Exploits: 4 · References: 6

RedHat Linux
added 2020/11/04 1:31 a.m. · 0 views

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

6.1 CVSS · 6.5 AI score · 0.01532 EPSS
Exploits: 4 · References: 6

Tenable Nessus
added 2020/10/30 12:0 a.m. · 37 views

EulerOS 2.0 SP5 : net-snmp (EulerOS-SA-2020-2292)

According to the versions of the net-snmp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following. (CVE-2020-15861) - Net-SNMP through 5.7.3...

7.8 CVSS · 7.1 AI score · 0.00433 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2020/10/20 12:0 a.m. · 2 views

PT-2020-19764 · Tsed · @Tsed/Core

Name of the Vulnerable Software and Affected Versions: @tsed/core versions prior to 5.65.7 Description: This issue relates to the deepExtend function, part of the utils directory. Depending on user input, an attacker can overwrite and pollute the object prototype of a program. Recommendations: Fo...

8.1 CVSS · 7.9 AI score · 0.00555 EPSS
Exploits: 1 · References: 8

Fedora
added 2020/10/09 4:28 p.m. · 10 views

[SECURITY] Fedora 31 Update: prosody-0.11.7-1.fc31

Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...

2.7 AI score
Exploits: 0

Fedora
added 2020/10/09 4:14 p.m. · 11 views

[SECURITY] Fedora 32 Update: prosody-0.11.7-1.fc32

Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...

2.7 AI score
Exploits: 0

Fedora
added 2020/10/05 4:36 p.m. · 9 views

[SECURITY] Fedora 33 Update: prosody-0.11.7-1.fc33

Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...

2.7 AI score
Exploits: 0

Veracode
added 2020/09/06 11:47 p.m. · 8 views

Prototype Pollution

extend-merge is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype through the merge function...

3.4 AI score
Exploits: 0

vulnersOsv
added 2020/09/03 3:51 p.m. · 1 views

1filecompiler (=0.0.2), @adrian.u/adritoolbox (>=1.0.0 <=1.1.0) +802 more potentially affected by CVE-2020-8147 via utils-extend (=1.0.8)

utils-extend NPM version =1.0.8 is affected by a known vulnerability. The following packages have a transitive dependency on utils-extend and may be impacted: - 1filecompiler =0.0.2 - @adrian.u/adritoolbox =1.0.0, =0.1.1, =0.1.0, =0.1.0, =1.0.2, =0.1.0, =0.0.1, =0.37.8, =1.0.1, =0.1.0, =1.0.2,...

9.8 CVSS · 7.2 AI score · 0.01115 EPSS
Exploits: 1

OSV
added 2020/09/03 3:51 p.m. · 14 views

GHSA-6PQ3-928Q-X6W6 Prototype Pollution

All versions of utils-extend are vulnerable to prototype pollution. The extend function does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation: No fix is currently available...

9.8 CVSS · 9.4 AI score · 0.01115 EPSS
Exploits: 1 · References: 3

Github Security Blog
added 2020/09/03 3:51 p.m. · 27 views

Prototype Pollution

All versions of utils-extend are vulnerable to prototype pollution. The extend function does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation: No fix is currently available...

9.8 CVSS · 5.7 AI score · 0.01115 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

Github Security Blog
added 2020/09/02 4:2 p.m. · 33 views

Prototype Pollution in smart-extend

All versions of smart-extend are vulnerable to Prototype Pollution. The deep function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects. Recommendation: No fix is currently available. Consider using an...

5.5 AI score
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2020/09/02 4:2 p.m. · 8 views

GHSA-F8H3-RQRM-47V9 Prototype Pollution in smart-extend

All versions of smart-extend are vulnerable to Prototype Pollution. The deep function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects. Recommendation: No fix is currently available. Consider using an...

7 AI score
Exploits: 0 · References: 2

vulnersOsv
added 2020/09/02 4:2 p.m. · 2 views

@planningcenter/icons (>=3.0.0-7 <=3.0.0-15), feathers-commands (>=0.0.1 <=0.1.4) +11 more potentially affected by unknown CVE via smart-extend (=1.7.4)

smart-extend NPM version =1.7.4 is affected by a known vulnerability. The following packages have a transitive dependency on smart-extend and may be impacted: - @planningcenter/icons =3.0.0-7, =0.0.1, =1.0.4, =1.0.2, =0.0.1, =1.0.0, =1.0.0, =1.0.2, =1.0.0, =0.1.0, =1.0.1, =2.0.0, =3.0.5 Source...

5.8 AI score
Exploits: 0

OSV
added 2020/09/01 12:47 p.m. · 1 views

USN-4471-2 net-snmp regression

USN-4471-1 fixed a vulnerability in Net-SNMP. The update introduced a regression making nsExtendCacheTime not settable. This update fixes the problem by adding the cacheTime feature flag. Original advisory details: Tobias Neitzel discovered that Net-SNMP incorrectly handled certain symlinks. An...

7.8 CVSS · 7.1 AI score · 0.00118 EPSS
Exploits: 0 · References: 2

NVD
added 2020/08/20 1:17 a.m. · 14 views

CVE-2020-15862

Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root...

7.8 CVSS · 7.9 AI score · 0.00118 EPSS
Exploits: 0 · References: 7

OSV
added 2020/08/20 1:17 a.m. · 1 views

DEBIAN-CVE-2020-15862

Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root...

7.8 CVSS · 7 AI score · 0.00118 EPSS
Exploits: 0 · References: 1