371 matches found
Shinuza Decimal-js Security Vulnerability
Shinuza Decimal-js is a JavaScript-based codebase from the individual developer Shinuza that provides decimal calculations for Node applications. A security vulnerability exists in Shinuza Decimal-js, which stems from the extend function...
Immer Security Breach
Immer is a JavaScript-based state management library from the Immer community. A security vulnerability exists in all versions of Immer. No information about this vulnerability is available at this time; please stay tuned to CNNVD or the vendor's announcement...
date-and-time denial-of-service vulnerability
Date And Time is a JavaScript-based npm code library for processing JS date and time, from the individual developer Date And Time. A security vulnerability exists in versions prior to date-and-time 0.14.2, which stems from regular expression exception handling involving parsing, resulting in a...
Bigpipe predefine security breach
Bigpipe Predefine is a JavaScript code library from the Bigpipe individual developers for managing Object.defineProperties objects. A security vulnerability exists in predefine versions 0.0.0 through 0.1.2 that can be exploited by an attacker to cause a denial of service and...
Mout deepFillIn Code Issue Vulnerability
Mout is a JavaScript-based code library from the Mout team that provides modular support for JS programming. Mout suffers from a security vulnerability that stems from the fact that the deepFillIn function can be used to "recursively fill in missing attributes" while deepMixIn "mixes objects into...
0i0 (=1.0.10), @1productaweek/react-stately (>=0.1.1 <=0.1.7) +1069 more potentially affected by CVE-2020-28477 via immer (>=7.0.0 <=8.0.0)
immer NPM version =7.0.0, =0.1.1, =0.1.0, =0.0.3-alpha.52, =0.0.10, =0.0.1, =0.1.0, =0.1.1, =0.97.1-20210526212817, =0.1.0, =2.3.1, =1.0.59, =4.4.2, =4.5.9 and more Source cves: CVE-2020-28477 Source advisory: SNYK:JS-IMMER-1019369...
Regular Expression Denial of Service (ReDoS)
Overview: @absolunet/kafe is a JavaScript utility library. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). It can cause a denial of service when validating crafted invalid emails. Details: Denial of Service (DoS) describes a family of attacks, all...
node-oojs-tool (>=1.0.0 <=1.0.11), node-oojs-utility (>=1.0.5 <=1.2.11) +6 more potentially affected by CVE-2020-7721 via node-oojs (=1.4.0)
node-oojs NPM version =1.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on node-oojs and may be impacted: - node-oojs-tool =1.0.0, =1.0.5, =0.0.6, =0.1.0, =0.1.1, =0.1.0, =1.0.0, =1.0.5 Source cves: CVE-2020-7721 Source advisory: SNYK:JS-NODEOOJS-598...
TinyMCE XSS vulnerability on version 4.7.11
Description: It seems that Confluence bundles a version of TinyMCE within the editor that has an XSS vulnerability. Confluence version 7.4.1 uses version 0.4.34 of the confluence-editor plugin that includes 4.7.11 of TinyMCE as a dependency. Confluence version 7.6.2 uses version 0.4.41 of the...
Debian DSA-4645-1 : chromium - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2019-20503 Natalie Silvanovich discovered an out-of-bounds read issue in the usrsctp library. - CVE-2020-6422 David Manouchehri discovered a use-after-free issue in the WebGL implementation. - CVE-2020-6424 Sergei...
Rocket Loader skimmer impersonates CloudFlare library in clever scheme
Update: The digital certificate issued for https.ps has been revoked by GlobalSign. Fraudsters are known for using social engineering tricks to dupe their victims, often times by impersonating authority figures to instill trust. In a recent blog post, we noted how criminals behind Magecart skimme...
AZL-45084 CVE-2020-8116 affecting package js-jquery 3.5.0-4
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects...
Debian: Security Advisory (DSA-4606-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
[SECURITY] [DSA 4606-1] chromium security update
Debian Security Advisory DSA-4606-1, https://www.debian.org/security/, Michael Gilbert, January 20, 2020, https://www.debian.org/security/faq...
3nit-utils (>=0.30.0 <=1.0.2), @aller/theming (>=1.0.0 <=1.0.2) +25 more potentially affected by unknown CVE via devalue (=2.0.0)
devalue NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on devalue and may be impacted: - 3nit-utils =0.30.0, =1.0.0, =1.2.1-next.3, =0.0.1, =0.1.1, =1.11.8, =4.1.1, =0.1.2, =0.1.1, =0.0.2-canary.2, =9.0.5, =9.1.5-canary.9 and more Sour...
Debian DSA-4562-1 : chromium - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2019-5869 Zhe Jin discovered a use-after-free issue. - CVE-2019-5870 Guang Gong discovered a use-after-free issue. - CVE-2019-5871 A buffer overflow issue was discovered in the skia library. - CVE-2019-5872 Zhe Jin...
Debian: Security Advisory (DSA-4562-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Magecart skimmers found on Amazon CloudFront CDN
Update 06-08-2019: The compromises of Amazon S3 buckets continue and some large sites are being affected. Our crawler spotted a malicious injection that loads a skimmer for the Washington Wizards page on the official NBA.com website. The skimmer was inserted in this JavaScript library:...
Debian DSA-4289-1 : chromium-browser - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2018-16065 Brendon Tiszka discovered an out-of-bounds write issue in the v8 JavaScript library. - CVE-2018-16066 cloudfuzzer discovered an out-of-bounds read issue in blink/webkit. - CVE-2018-16067 Zhe Jin discovered ...
Debian DLA-1492-1 : dojo security update
It was discovered that there was a string injection vulnerability in the 'dojo' JavaScript library. For Debian 8 'Jessie', this issue has been fixed in dojo version 1.10.2+dfsg-1+deb8u1 by Abhijith PA. We recommend that you upgrade your dojo packages. NOTE: Tenable Network Security has extracted...