4876 matches found
app.io (>=0.0.1 <=0.0.4), feathers-validation (>=0.5.0 <=0.5.1) +6 more potentially affected by CVE-2019-10781 via schema-inspector (>=1.4.2 <=1.6.8)
schema-inspector NPM version =1.4.2, =0.0.1, =0.5.0, =3.8.1, =1.0.2, =1.0.0, =0.2.0, =0.5.0 Source cves: CVE-2019-10781 Source advisory: OSV:GHSA-R24H-634P-M72X...
@acaciomartins/react-native-simpletable (>=0.0.1 <=0.0.2), @alan-ai/alan-sdk-react-native (>=1.0.4 <=1.0.7) +795 more potentially affected by CVE-2020-8149 via logkitty (>=0.4.2 <=0.6.1)
logkitty NPM version =0.4.2, =0.0.1, =1.0.4, =2.3.3, =2.0.1, =2.0.1758683737, =2.1.87, =1.0.1767254401, =1.3.0, =1.0.1, =1.0.2, =1.1.0 and more Source cves: CVE-2020-8149 Source advisory: OSV:GHSA-V8V8-6859-QXM4...
WatermelonDB SQL Injection Vulnerability
WatermelonDB is the next generation React database for building powerful React and React Native applications that can scale from hundreds to tens of thousands of records while remaining fast. A SQL injection vulnerability in WatermelonDB versions prior to 0.15.1 and prior to 0.16.2, which stems...
@daedalus/angular-handsontable (>=1.0.1 <=1.0.5), @handsontable6/angular (=7.0.0) +20 more potentially affected by CVE-2020-6836 via hot-formula-parser (=2.3.3)
hot-formula-parser NPM version =2.3.3 is affected by a known vulnerability. The following packages have a transitive dependency on hot-formula-parser and may be impacted: - @daedalus/angular-handsontable =1.0.1, =0.1.10, =1.0.2, =1.0.1, =0.1.1, =1.0.0, =1.0.1, =0.1.0, =1.0.1, =0.1.2, =1.0.2 -...
CVE-2020-12270
React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alphanumeric IDs, which might make it easier for remote attackers to interfere with COVID-19 contact tracing by using many IDs. NOTE: the vendor disputes the relevance of this report because the recipient of an F1 alert will know it...
CVE-2020-12270
CVE-2020-12270 : Affects Bluezone 1.0.0 through the React Native Bluetooth Scan component. The root cause is use of insufficiently random values to generate six-character alphanumeric IDs, which could let a remote attacker interfere with COVID-19 contact tracing by issuing many IDs. Exploitation ...
CVE-2020-12113
BigBlueButton before 2.2.4 allows XSS via closed captions because dangerouslySetInnerHTML in React is used...
CVE-2020-12113
BigBlueButton is affected by CVE-2020-12113: prior to version 2.2.4, the Web UI is vulnerable to cross-site scripting via closed captions because dangerouslySetInnerHTML is used in React. This vulnerability allows XSS as described in multiple sources (e.g., BigBlueButton’s 2.2.4 release notes and...
BigBlueButton < 2.2.4 - Reflected Cross-Site Scripting (XSS)
XSS via closed captions because dangerouslySetInnerHTML in React is used...
Information Disclosure
react-oauth-flow is vulnerable to information disclosure. The vulnerability exists as it stores secrets in the front-end instead of using a properly implemented OAuth client...
@gsandf/react-native-oauth (>=2.1.16 <=2.2.2), react-native-oauth (>=1.1.0 <=2.2.0) +5 more potentially affected by CVE-2019-10805 via valib (=2.0.0)
valib NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on valib and may be impacted: - @gsandf/react-native-oauth =2.1.16, =1.1.0, =2.1.16, =2.1.15, =0.1.0, =0.4.6 Source cves: CVE-2019-10805 Source advisory: SNYK:JS-VALIB-559015...
Improper Authorization
Overview All versions of react-oauth-flow fail to properly implement the OAuth protocol. The package stores secrets in the front-end code. Instead of using a public OAuth client, it uses a confidential client on the browser. This may allow attackers to compromise server credentials. Recommendatio...
@concepto/eb (>=1.1.7 <=1.1.95), @concepto/nuxt (=1.9.427) +11 more potentially affected by CVE-2019-10804 via serial-number (>=0.3.0 <=1.3.0)
serial-number NPM version =0.3.0, =1.1.7, =0.0.1, =1.9.35, =1.1.0, =1.1.1, =0.2.1, =0.1.4, =0.1.1, =0.1.24, =2.5.0, =3.1.1 Source cves: CVE-2019-10804 Source advisory: SNYK:JS-SERIALNUMBER-559010...
Denial Of Service (DoS) Through Memory Leak
react-native-camera-kit is vulnerable to denial of service (DoS) attacks. The vulnerability exists because the imageRef created in the snapStillImage function in CKCamera.m is never released, so an attacker who can trigger repeated captures can exhaust memory and cause a system hang...
Acunetix v13 - Web Application Security Scanner
Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix Version 13. The new release comes with an improved user interface and introduces innovations such as the SmartScan engine, malware detection functionality, comprehensive network scanning,...