9423 matches found
The vulnerability of the SetFieldValue command implementation in the Foxit Reader text viewer and Foxit PhantomPDF PDF editing program allows a perpetrator to execute arbitrary code.
The vulnerability of the GetFieldValue function implementation in the Foxit Reader text viewer and the Foxit PhantomPDF PDF editing program is related to data type conversion errors. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...
PT-2021-2432 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.11.6. Description: The issue is related to the rtw_wx_set_scan function in the Linux kernel, which allows writing beyond the end of the ->ssid[] array. This can lead to a buffer overflow in memory. The exploitation...
Prototype Pollution
Overview: set-deep-prop is a package that sets the value of a deeply nested object or array. Affected versions of this package are vulnerable to Prototype Pollution via the main functionality. PoC: const setDeepProp = require'set-deep-prop'; setDeepProp,'proto', 'x', 'polluted'; console.log.a; // polluted Details...
Remote Code Execution
total.js is vulnerable to remote code execution. The vulnerability exists in set in utils.js, which does not validate a malicious parameter that is injected and executed by a malicious user...
container-tools:2.0 security update
buildah [1.11.6-8.0.1] - Reduce unnecessary writable mounts in NaiveDiffDriver [Orabug: 31025483] - Fixes troubles with oracle registry login [Orabug: 29937283] [1.11.6-8] - exclude i686 arch - Related: 1821193 [1.11.6-7] - fix 'CVE-2020-10696 buildah: crafted input tar file may lead to local file...
CVE-2021-23344 Remote Code Execution (RCE)
The package total.js before 3.4.8 is vulnerable to Remote Code Execution (RCE) via set...
Google Android Buffer Error Vulnerability
Google Android is a Linux-based open source operating system from Google (USA) and the Open Handheld Alliance. A security vulnerability exists in Google Android/Pixel that stems from a lack of privilege checking in callCallbackForRequest in ConnectivityService.java, which could bypass privileges...
CVE-2019-25021
An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot be set because of the implementation in code...
AZL-6843 CVE-2021-21309 affecting package redis for versions less than 5.0.5-7
Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result in remote code execution. Redis 4.0 or newer uses a configurable limit for...
UBUNTU-CVE-2021-21309
Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result in remote code execution. Redis 4.0 or newer uses a configurable limit for...
Prototype Pollution
Overview: tree-kit is a tree utilities package which provides a full-featured extend and object-cloning facility, and various tools to deal with nested object structures. Affected versions of this package are vulnerable to Prototype Pollution via dotPath.set. PoC: const dotPath = require'tree-kit'...
CVE-2021-27097
The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT...
nodejs-set-value: prototype pollution in function set-value
A flaw was found in nodejs-set-value. The function mixin-deep can be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or __proto__ payloads. The highest threat from this vulnerability is to data confidentiality and integrity...
Prototype Pollution
dynamoose is vulnerable to prototype pollution. The vulnerability exists through lib/utils/object/set.ts where an attacker is able to inject properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype...
CVE-2021-25913
Prototype pollution vulnerability in 'set-or-get' version 1.0.0 through 1.2.10 allows an attacker to cause a denial of service and may lead to remote code execution...
CVE-2021-25913
The CVE-2021-25913 entry involves a prototype pollution vulnerability in the set-or-get npm package (versions 1.0.0–1.2.10). The underlying flaw allows an attacker to pollute JavaScript object prototypes, potentially causing a denial of service and, in some cases, remote code execution. A fix is ...
set-or-get security breach
set-or-get is an open source package. It is used to set or get object field values. A security vulnerability in set-or-get versions 1.0.0 through 1.2.10 allows attackers to trigger a denial of service and potentially lead to remote code execution...
Fishcharlie Amazon Dynamoose Security Breach
Fishcharlie Amazon Dynamoose is a modeling tool from the Fishcharlie organization in the United States. A modeling tool for Amazon DynamoDB is provided. Fishcharlie Amazon Dynamoose has a security vulnerability in versions prior to 2.0.0 and 2.7.0 that stems from a prototype contamination...