
11 matches found

Cvelist
added 2026/06/10 9:18 p.m. · 33 views

CVE-2026-46625 JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection

JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's "__proto__" member is an own enumerable property,...

7.5 CVSS · 0.00422 EPSS
Exploits 0 · References 3
OSV
added 2025/05/12 3:1 p.m. · 8 views

GHSA-FX83-V9X8-X52W protobuf.js: Prototype injection in generated message constructors

Summary: protobufjs generated message constructors copied enumerable properties from a provided properties object without filtering the __proto__ key. If an application constructed a message from an attacker-controlled plain object, an own enumerable __proto__ property could alter the prototype of that...

5.3 CVSS · 5.9 AI score · 0.00264 EPSS
Exploits 0 · References 5
RedhatCVE
added 2025/05/23 6:5 a.m. · 5 views

CVE-2023-30624

Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains LLVM-level undefined behavior. This undefined behavior was found to cause runtime-level issues when compiled...

8.8 CVSS · 7.1 AI score · 0.0045 EPSS
Exploits 0 · References 1
SUSE CVE
added 2025/05/03 2:50 a.m. · 1 views

SUSE CVE-2023-53134

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Avoid order-5 memory allocation for TPA data The driver needs to keep track of all the possible concurrent TPA GRO/LRO completions on the aggregation ring. On P5 chips, the maximum number of concurrent TPA is 256 and the...

5.5 CVSS · 6.3 AI score · 0.00155 EPSS
Exploits 0 · References 9
ATTACKERKB
added 2025/05/02 4:15 p.m. · 3 views

CVE-2023-53134

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Avoid order-5 memory allocation for TPA data The driver needs to keep track of all the possible concurrent TPA GRO/LRO completions on the aggregation ring. On P5 chips, the maximum number of concurrent TPA is 256 and the...

5.5 CVSS · 6.3 AI score · 0.00155 EPSS
Exploits 0 · References 7 · Affected Software 1
RedHat Linux
added 2024/04/30 9:57 a.m. · 4 views

kernel: bnxt_en: Avoid order-5 memory allocation for TPA data

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Avoid order-5 memory allocation for TPA data The driver needs to keep track of all the possible concurrent TPA GRO/LRO completions on the aggregation ring. On P5 chips, the maximum number of concurrent TPA is 256 and the...

5.5 CVSS · 6.3 AI score · 0.00155 EPSS
Exploits 0 · References 5
Amazon
added 2023/09/25 12:0 a.m. · 7 views

Important: ecs-service-connect-agent

Issue Overview: Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains LLVM-level undefined behavior. This undefined behavior was found to cause runtime-level issu...

9.8 CVSS · 7.2 AI score · 0.01577 EPSS
Exploits 3
CNNVD
added 2023/04/27 12:0 a.m. · 4 views

Wasmtime security vulnerability

Wasmtime, a Bytecode Consortium project, is a standalone wasm-optimized runtime for WebAssembly and WASI only. A security vulnerability exists in wasmtime versions 6.0.1 and earlier, 7.0.0, and 8.0.0, which stems from the fact that Wasmtime's implementation of managing per-instance state e.g.,...

8.8 CVSS · 7.6 AI score · 0.0045 EPSS
Exploits 0 · References 3
VulnCheck KEV
added 2020/04/10 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2019-19750

minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product...

9.8 CVSS · 7.3 AI score · 0.01134 EPSS
Exploits 0 · References 1
OSV
added 2019/12/12 6:15 p.m. · 2 views

CVE-2019-19750

minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product...

9.8 CVSS · 7.3 AI score · 0.01134 EPSS
Exploits 0 · References 2
Positive Technologies
added 2019/12/12 12:0 a.m. · 3 views

PT-2019-15947 · Minerstat · Msos

Name of the Vulnerable Software and Affected Versions: minerstat msOS versions prior to 2019-10-23. Description: The issue is related to the lack of unique SSH keys for each instance of the product. This could potentially lead to security risks. Recommendations: For versions prior to 2019-10-23,...

9.8 CVSS · 6.9 AI score · 0.01134 EPSS
Exploits 0 · References 4