Lucene search
K

58 matches found

Prion
Prion
added 2019/02/01 6:29 p.m.21 views

Buffer overflow

A prototype pollution vulnerability was found in module mpath 0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype...

5CVSS8.4AI score0.01101EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/02/01 6:0 p.m.32 views

CVE-2018-16490

A prototype pollution vulnerability was found in module mpath 0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype...

6.7AI score0.01101EPSS
Exploits1References1
CVE
CVE
added 2019/02/01 6:0 p.m.81 views

CVE-2018-16490

CVE-2018-16490 affects the mpath npm package prior to version 0.8.4, where a prototype pollution flaw can lead to arbitrary properties being injected onto Object.prototype. The root cause is a type handling mismatch in ignoreProperties.indexOf(parts[i]); when parts[i] is proto , the code path use...

7.5CVSS7.7AI score0.01101EPSS
Exploits1References1Affected Software1
Hacker One
Hacker One
added 2018/08/06 10:40 a.m.49 views

Node.js third-party modules: Prototype Pollution Vulnerability in mpath Package

I would like to report prototype pollution vulnerability in mpath. It allows an attacker to inject arbitrary properties on Object.prototype. Module module name: mpath version: 0.4.1 npm page: https://www.npmjs.com/package/mpath Module Description G,Set javascript object values using MongoDB-like...

5CVSS0.5AI score0.01101EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2017/07/03 12:0 a.m.44 views

OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0121)

The remote OracleVM system is missing necessary patches to address critical security updates : - nfsd: check for oversized NFSv2/v3 arguments J. Bruce Fields Orabug: 26366024 CVE-2017-7645 - dm mpath: allow ioctls to trigger pg init Mikulas Patocka Orabug: 25645229 - xen/manage: Always freeze/tha...

10CVSS6.5AI score0.1081EPSS
Exploits5References4
Oracle linux
Oracle linux
added 2017/06/30 12:0 a.m.221 views

Unbreakable Enterprise kernel security update

2.6.39-400.297.3 - nfsd: check for oversized NFSv2/v3 arguments J. Bruce Fields Orabug: 26366024 CVE-2017-7645 2.6.39-400.297.2 - dm mpath: allow ioctls to trigger pg init Mikulas Patocka Orabug: 25645229 - xen/manage: Always freeze/thaw processes when suspend/resuming Ross Lagerwall Orabug:...

7.8CVSS1.2AI score0.05794EPSS
Exploits5
RedHat Linux
RedHat Linux
added 2016/02/16 2:59 p.m.71 views

Important: Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update

Updated kernel-rt packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which giv...

7.2CVSS6.3AI score0.00624EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2011/11/29 12:0 a.m.53 views

Ubuntu 11.10 : thunderbird vulnerabilities (USN-1282-1)

Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this fl...

10CVSS8.9AI score0.05657EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2011/11/26 12:0 a.m.300 views

Ubuntu 11.04 / 11.10 : firefox vulnerabilities (USN-1277-1)

Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this fl...

10CVSS8.9AI score0.05657EPSS
Exploits1References7
OpenVAS
OpenVAS
added 2011/11/25 12:0 a.m.42 views

Ubuntu Update for mozvoikko USN-1277-2

Ubuntu Update for Linux kernel vulnerabilities USN-1277-2 OpenVAS Vulnerability Test $Id: gbubuntuUSN12772.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for mozvoikko USN-1277-2 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net Th...

10CVSS1.2AI score0.05657EPSS
Exploits1References2
NVD
NVD
added 2011/11/09 11:55 a.m.15 views

CVE-2011-3654

The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via...

10CVSS7.9AI score0.04403EPSS
Exploits0References4
Prion
Prion
added 2011/11/09 11:55 a.m.28 views

Memory corruption

The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via...

10CVSS8.5AI score0.04403EPSS
Exploits0References4Affected Software2
Cvelist
Cvelist
added 2011/11/09 11:0 a.m.21 views

CVE-2011-3654

The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via...

9.9AI score0.04403EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2011/11/09 12:0 a.m.22 views

CVE-2011-3654

The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via...

10CVSS7.5AI score0.04403EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2011/11/09 12:0 a.m.51 views

Firefox < 8.0 Multiple Vulnerabilities

The installed version of Firefox is earlier than 8.0 and thus, is potentially affected by the following security issues : - Certain invalid sequences are not handled properly in 'Shift-JIS' encoding and can allow cross-site scripting attacks. CVE-2011-3648 - The addition of the 'Azure' graphics...

10CVSS7.2AI score0.05657EPSS
Exploits2References14
Oracle linux
Oracle linux
added 2011/02/23 12:0 a.m.62 views

kernel security, bug fix, and enhancement update

2.6.32-71.18.1.el6 - netdrv ixgbe: make sure FCoE DDP user buffers are really released by the HW Frantisek Hrbata 674002 617193 - netdrv ixgbe: invalidate FCoE DDP context when no error status is available Frantisek Hrbata 674002 617193 - netdrv ixgbe: avoid doing FCoE DDP when adapter is DOWN or...

4.9CVSS7.4AI score0.01355EPSS
Exploits18
Oracle linux
Oracle linux
added 2009/05/26 12:0 a.m.42 views

util-linux security and bug fix update

2.12a-24.el4 - fix 458539 - man nfs : wrong information about nfs version used 2.12a-23.el4 - fix 485004 - move mount doesnt correctly update mtab 2.12a-22.el4 - fix 472186 - mount -a has problems with duplicate labels in a mpath setup - fix 471372 - RHEL4: fdisk cannot create partition with...

7.5CVSS0.8AI score0.03973EPSS
Exploits1
Cent OS
Cent OS
added 2009/05/21 2:46 p.m.60 views

util security update

CentOS Errata and Security Advisory CESA-2009:0981 An updated util-linux package that fixes one security issue and several bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The util-linux package contains a collection of basic...

7.5CVSS5.8AI score0.03973EPSS
Exploits1References8
Rows per page
Query Builder