80 matches found
CVE-2020-19465
An issue has been found in function ObjectStream::getObject in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid read of size 4...
Design/Logic Flaw
An issue has been found in function ObjectStream::getObject in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid read of size 4...
CVE-2020-28282
A flaw was found in nodejs-getobject. The set function does not check for the type of object before assigning value to the property allowing an attacker to create a non-existent property or allow the manipulation of the property which could lead to a denial of service or a remote code execution...
Prototype Pollution
getobject is vulnerable to prototype pollution. The vulnerability exists through the lack of sanitization of proto header values...
CVE-2020-28282
Prototype pollution vulnerability in 'getobject' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution...
DEBIAN-CVE-2020-28282
Prototype pollution vulnerability in 'getobject' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution...
AZL-44940 CVE-2020-28282 affecting package js-jquery 3.5.0-4
Prototype pollution vulnerability in 'getobject' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution...
CVE-2020-28282
Prototype pollution vulnerability in 'getobject' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution...
UBUNTU-CVE-2020-28282
Prototype pollution vulnerability in 'getobject' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution...
CVE-2020-28282
Prototype pollution vulnerability in 'getobject' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution...
CVE-2020-28282
CVE-2020-28282 affects the nodejs-getobject package (version 0.1.0) via a prototype pollution flaw that can cause a denial of service and may lead to remote code execution. Public mentions across OSV/NVD/Nessus IBM entries confirm the vulnerability and describe a security update approach rather t...
CVE-2020-28282
Prototype pollution vulnerability in 'getobject' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution...
Cowboy Getobject Security Vulnerability
Cowboy Getobject is a codebase based on the Javascript language for working with objects and performing set and get operations by the Cowboy individual developers. A security vulnerability exists in getobject version 0.1.0, which can be exploited by an attacker to cause a denial of service and...
Cross-Site Scripting (XSS)
ceph is vulnerable to cross-site scripting XSS. Header-splitting in RGW GetObject allows an attacker to inject and execute arbitrary Javascript in a user's browser...
ceph14 -- multiple security issues
RedHat reports: ceph: secure mode of msgr2 breaks both confidentiality and integrity aspects for long-lived sessions. ceph: header-splitting in RGW GetObject has a possible XSS...
Microsoft Windows - win32k!NtGdiExtGetObjectW Kernel Stack Memory Disclosure Exploit
Exploit for windows platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1178 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory in Windows 7-10 through the win32k!NtGdiExtGetObjectW system call accessible...
Microsoft Windows - win32k!NtGdiExtGetObjectW Kernel Stack Memory Disclosure
Microsoft Windows - win32k!NtGdiExtGetObjectW Kernel Stack Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1178 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory in Windows 7-10 through the...
Microsoft Windows - 'win32k!NtGdiExtGetObjectW' Kernel Stack Memory Disclosure
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1178 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory in Windows 7-10 through the win32k!NtGdiExtGetObjectW system call accessible via a documented GetObject API function to user-mo...
Path traversal
The getObject method of the javax.jms.ObjectMessage class in the 1 JMS Core client, 2 Artemis broker, and 3 Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects...
PT-2016-6204 · Apache · Apache Activemq Artemis
Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ Artemis versions prior to 1.4.0 Description: The issue allows remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget...