
9425 matches found

CNNVD
added 2021/02/08 12:0 a.m. · 3 views

set-or-get security breach

set-or-get is an open source package. It is used to set or get object field values. A security vulnerability in set-or-get versions 1.0.0 through 1.2.10 allows attackers to trigger a denial of service and potentially lead to remote code execution...

CVSS 9.8 · AI score 7.6 · EPSS 0.02947
Exploits 1 · References 4

CNNVD
added 2021/02/08 12:0 a.m. · 5 views

Fishcharlie Amazon Dynamoose Security Breach

Fishcharlie Amazon Dynamoose is a modeling tool from the Fishcharlie organization in the United States. A modeling tool for Amazon DynamoDB is provided. Fishcharlie Amazon Dynamoose has a security vulnerability in versions prior to 2.0.0 and 2.7.0 that stems from a prototype contamination...

CVSS 9.8 · AI score 7.3 · EPSS 0.00637
Exploits 0 · References 5

Positive Technologies
added 2021/02/08 12:0 a.m. · 2 views

PT-2021-16843 · Unknown · Set-Or-Get

Name of the Vulnerable Software and Affected Versions: set-or-get versions 1.0.0 through 1.2.10 Description: The issue is a prototype pollution vulnerability that allows an attacker to cause a denial of service and may lead to remote code execution. Recommendations: For versions 1.0.0 through...

CVSS 9.8 · AI score 9.6 · EPSS 0.02947
Exploits 1 · References 8

OSV
added 2021/02/05 8:43 p.m. · 12 views

GHSA-6CF8-QHQJ-VJQM Prototype pollution in total.js

There is a prototype pollution vulnerability in the package total.js before version 3.4.7. The set function can be used to set a value into the object according to the path. However the keys of the path being set are not properly sanitized, leading to a prototype pollution vulnerability. The impa...

CVSS 7.3 · AI score 7.5 · EPSS 0.06091
Exploits 1 · References 7

NVD
added 2021/02/04 3:15 p.m. · 7 views

CVE-2020-28449

This affects all versions of package decal. The vulnerability is in the set function...

CVSS 8.6 · EPSS 0.004
Exploits 1 · References 3

Prion
added 2021/02/04 3:15 p.m. · 17 views

Design/Logic Flaw

This affects all versions of package decal. The vulnerability is in the set function...

CVSS 7.5 · AI score 8.6 · EPSS 0.004
Exploits 1 · References 3

CVE
added 2021/02/04 2:40 p.m. · 49 views

CVE-2020-28449

CVE-2020-28449 corresponds to a prototype pollution vulnerability in the JavaScript package decal, with the issue located in the set function. Affected software is decal (all versions), and exploitation involves injecting properties into Object.prototype (e.g., via __proto__ or path-based definitions...

CVSS 8.6 · AI score 8.6 · EPSS 0.004
Exploits 1 · References 3 · Affected Software 1

CNNVD
added 2021/02/04 12:0 a.m. · 4 views

Shinuza Decimal-js Security Vulnerability

Shinuza Decimal-js is a Javascript-based codebase used to provide decimal calculations for Node applications by Shinuza Individual Developers. A security vulnerability exists in Shinuza Decimal-js, which stems from the set function...

CVSS 8.6 · AI score 7.3 · EPSS 0.004
Exploits 1 · References 4

OSV
added 2021/02/02 11:15 a.m. · 10 views

CVE-2020-28495

This affects the package total.js before 3.4.7. The set function can be used to set a value into the object according to the path. However the keys of the path being set are not properly sanitized, leading to a prototype pollution vulnerability. The impact depends on the application. In some case...

CVSS 7.3 · AI score 7.4
Exploits 0 · References 5

OSV
added 2021/01/28 3:15 a.m. · 2 views

CVE-2020-25782

An issue was discovered on Accfly Wireless Security IR Camera 720P System with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientManage::ServerIPProtoSet during incoming message handling...

CVSS 9.8 · AI score 7.7 · EPSS 0.19706
Exploits 2 · References 1

NVD
added 2021/01/27 8:15 p.m. · 9 views

CVE-2021-26276

scripts/cli.js in the GoDaddy node-config-shield aka Config Shield package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data...

CVSS 5.3 · AI score 5.4 · EPSS 0.00237
Exploits 1 · References 2

Vulnrichment
added 2021/01/27 7:36 p.m. · 14 views

CVE-2021-26276

scripts/cli.js in the GoDaddy node-config-shield aka Config Shield package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data...

AI score 6.9 · EPSS 0.00237
Exploits 1 · References 2

Cvelist
added 2021/01/27 7:36 p.m. · 10 views

CVE-2021-26276

scripts/cli.js in the GoDaddy node-config-shield aka Config Shield package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data...

AI score 5.7 · EPSS 0.00237
Exploits 1 · References 2

CNNVD
added 2021/01/27 12:0 a.m. · 2 views

GoDaddy Node-config-shield Security Vulnerability

GoDaddy Node-config-shield is a Javascript-based codebase for checking sensitive information in projects by GoDaddy, Inc. A security vulnerability exists in GoDaddy node-config-shield that stems from a call to eval while processing the set command...

CVSS 5.3 · AI score 6 · EPSS 0.00237
Exploits 1 · References 3

Positive Technologies
added 2021/01/27 12:0 a.m. · 4 views

PT-2021-16986 · Npm · Node-Config-Shield

Name of the Vulnerable Software and Affected Versions: node-config-shield versions prior to 0.2.2 Description: The issue concerns the node-config-shield package, where the scripts/cli.js file calls eval when processing a set command. This could potentially lead to issues if the set command is use...

CVSS 5.3 · AI score 7 · EPSS 0.00237
Exploits 1 · References 8

Positive Technologies
added 2021/01/22 12:0 a.m. · 9 views

PT-2021-7753 · Linux +8 · Linux Kernel +8

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability was found in the fs/inode.c:inode_init_owner function logic of the Linux kernel. This issue allows local users to create files for the XFS file-system with unintended...

CVSS 9.8 · AI score 7.2 · EPSS 0.85239
Exploits 273 · References 1575

GithubExploit
added 2021/01/21 6:39 a.m. · 143 views

Exploit for OS Command Injection in Linksys Re6500_Firmware

Description Belkin LINKSYS RE6500 devices before 1.0.012.001...

CVSS 10 · AI score 9.9 · EPSS 0.93609
Exploits 2

OSV
added 2021/01/20 4:15 p.m. · 1 views

ALPINE-CVE-2020-14360

A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 7.8 · AI score 6.9 · EPSS 0.00135
Exploits 0 · References 1

CNNVD
added 2021/01/20 12:0 a.m. · 2 views

Dnsmasq Buffer Error Vulnerability

DNSmasq is a DNS configuration tool by Simon Kelley Personal Developer. Dnsmasq suffers from a buffer error vulnerability that stems from a heap-based buffer overflow in the sort_rrset subroutine that occurs when DNSSEC is enabled and before validating incoming DNS entries...

CVSS 7.1 · AI score 7 · EPSS 0.22
Exploits 0 · References 23

Snyk
added 2021/01/19 10:31 a.m. · 2 views

Prototype Pollution

Overview jointjs is a JavaScript diagramming library. It can be used to create either static diagrams or, and more importantly, fully interactive diagramming tools and application builders. Affected versions of this package are vulnerable to Prototype Pollution via util.setByPath...

CVSS 9.8 · AI score 9 · EPSS 0.00557
Exploits 0 · References 2