4026 matches found
Design/Logic Flaw
MyBB before 1.8.25 allows stored XSS via nested email tags with MyCode (aka BBCode)...
CVE-2021-27279
CVE-2021-27279 affects MyBB prior to 1.8.25. The vulnerability is a stored XSS via nested [email] tags in MyCode (BBCode), enabling script injection when processing user-supplied content. Product: MyBB (forum software); affected version range: before 1.8.25. Root cause: improper sanitization of B...
PT-2021-17383 · Mybb · Mybb
Name of the Vulnerable Software and Affected Versions: MyBB versions prior to 1.8.25. Description: The issue allows stored XSS via nested email tags with MyCode (aka BBCode). Recommendations: For versions prior to 1.8.25, update to version 1.8.25 or later to resolve the issue...
MGASA-2021-0078 Updated perl-Email-MIME and perl-Email-MIME-ContentType packages fix security vulnerability
Messages with too many tiny nested MIME parts can lead to memory exhaustion on split, resulting in denial of service (rhbz1835353). This update limits the number of nested MIME parts to 10 by default, to avoid a possible memory exhaustion issue with lots of tiny MIME parts...
perl: heap-based buffer overflow in regular expression compiler leads to DoS
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow...
Prototype pollution in nested-object-assign
The package nested-object-assign before 1.0.4 is vulnerable to Prototype Pollution via the default function...
GHSA-C497-V8PV-CH6X Prototype pollution in nested-object-assign
The package nested-object-assign before 1.0.4 is vulnerable to Prototype Pollution via the default function...
Prototype Pollution
nested-object-assign is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype...
CentOS 8 : dovecot (CESA-2020:3713)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:3713 advisory. - dovecot: Resource exhaustion via deeply nested MIME parts (CVE-2020-12100) - dovecot: Out of bound reads in dovecot NTLM implementation (CVE-2020-12673) ...
CentOS 8 : librsvg2 (CESA-2020:4709)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:4709 advisory. - librsvg: Resource exhaustion via crafted SVG file with nested patterns (CVE-2019-20446). Note that Nessus has not tested for this issue but has instead relied on...
CVE-2021-23329
CVE-2021-23329 affects the npm package nested-object-assign, specifically versions prior to 1.0.4. The vulnerability is Prototype Pollution via the default function, allowing an attacker to inject properties into Object.prototype. Exploitation details are not provided in the provided documents, b...
PT-2021-15438 · Unknown · Nested-Object-Assign
Name of the Vulnerable Software and Affected Versions: nested-object-assign versions prior to 1.0.4. Description: The issue concerns Prototype Pollution via the default function. Recommendations: For versions prior to 1.0.4, update to version 1.0.4 or later to resolve the issue...
Prototype Pollution
Overview: nested-object-assign is a package to support nested merging of objects & properties, using Object.assign. Affected versions of this package are vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below. PoC: // poc.js const assign =...
CentOS 8 : git (CESA-2019:4356)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:4356 advisory. - git: Arbitrary path overwriting via export-marks in-stream command feature (CVE-2019-1348) - git: Recursive submodule cloning allows using git director...
Prototype Pollution in geta/nestedobjectassign
Description: nested-object-assign is vulnerable to Prototype Pollution. Proof of Concept: 1. Create the following PoC file (javascript): // poc.js const assign = require('nested-object-assign') console.log('Before: ' + {}.polluted) assign({}, JSON.parse('{"__proto__": {"polluted": true}}')) console.log('After: ' +...
DRUPAL-CONTRIB-2021-003
This module enables you to add groups to other groups in a tree structure where access can be inherited up or down the tree. When you configure Subgroup to have a tree with at least three levels, users may inadvertently get permissions in a group that is an uncle or cousin of the source group,...
openSUSE Security Update : virtualbox (openSUSE-2021-165)
This update for virtualbox fixes the following issues : Version update to 6.1.18 released January 19 2021 This is a maintenance release. The following items were fixed and/or added : - Nested VM: Fixed hangs when executing SMP nested-guests under certain conditions on Intel hosts bug 19315, 19561...
OPENSUSE-SU-2021:0165-1 Security update for virtualbox
This update for virtualbox fixes the following issues: Version update to 6.1.18 released January 19 2021 This is a maintenance release. The following items were fixed and/or added: - Nested VM: Fixed hangs when executing SMP nested-guests under certain conditions on Intel hosts bug 19315, 19561 -...
GHSA-WJX2-7HQQ-8H7M rails_admin ruby gem XSS vulnerability
RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms...