CVE-2021-21722
A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-TV0032.1.1.04jiangsuTelecom...
ZTE ZXV10 B860A Log Information Disclosure Vulnerability
The ZTE ZXV10 B860A is a network set-top box from China's ZTE Corporation (ZTE). The ZTE ZXV10 B860A suffers from an information disclosure vulnerability that stems from the device not adequately validating logs, which can be exploited by an attacker to gain access to sensitive user information for...
OSV-2018-201 Heap-buffer-overflow in r_str_utf16_to_utf8
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10487 Crash type: Heap-buffer-overflow READ 1 Crash state: r_str_utf16_to_utf8 sections r_bin_object_set_items...
Juniper Networks Junos OS Authorization Issues Vulnerability
Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. Junos OS contains an authorization issue vulnerability that can be exploited by an attacker to elevate privileges bypassin...
Prototype Pollution in react-atomic/react-atomic-organism
Description: set-object-value is vulnerable to Prototype Pollution. Proof of Concept: 1. Create the following PoC file: // poc.js var setObjectValue = require("set-object-value"); var obj = {}; console.log("Before : " + {}.polluted); setObjectValue(obj, ['__proto__','polluted'], 'Yes! Its Polluted'); console.log("Afte...
Linux Kernel Security Vulnerability
The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. An arbitrary code execution vulnerability exists in mwifiex_cmd_802_11_ad_hoc_start in...
Trust Management Issues Vulnerabilities in Various Amino Communications Products
The Amino Communications AK45x series, among others, is a family of television set-top box devices from Amino UK. Amino Communications has a trust management issue vulnerability in a number of its products, which arises from a hard-coded SSH key for the root user that can be exploited by an attacker to...
Amino Communications Trust Management Issues Vulnerability
The Amino Communications AK45x series, among others, is a family of television set-top box devices from Amino UK. Amino Communications has a trust management issue vulnerability that stems from the use of hard-coded passwords, which can be exploited by a local attacker to view and interact with t...
Prototype Pollution
set-object-value is vulnerable to prototype pollution. An attacker is able to exploit the vulnerability to inject arbitrary properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype causing a denial of service and may lead to remote code executio...
Prototype Pollution
deep-set is vulnerable to prototype pollution. The vulnerability exists through the lack of sanitization of __proto__ header values...
Trust Management Issue Vulnerability in Multiple Amino Products
The Amino Communications AK45x series, among others, is a family of television set-top box devices from Amino UK. Amino Communications has a trust management issue vulnerability that stems from the use of hard-coded passwords, which can be exploited by a local attacker to view and interact with t...
Amino Communications Command Injection Vulnerability
The Amino Communications AK45x series is a family of television set-top box devices from Amino UK. Amino Communications suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands with root-level privileges...
CVE-2020-28281
Prototype pollution vulnerability in 'set-object-value' versions 0.0.0 through 0.0.5 allows an attacker to cause a denial of service and may lead to remote code execution...
Remote code execution
Prototype pollution vulnerability in 'set-object-value' versions 0.0.0 through 0.0.5 allows an attacker to cause a denial of service and may lead to remote code execution...
CVE-2020-28276
Prototype pollution vulnerability in 'deep-set' versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution...
Remote code execution
Prototype pollution vulnerability in 'deep-set' versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution...
CVE-2020-28281
CVE-2020-28281 affects the npm package set-object-value (versions 0.0.0–0.0.5). The underlying issue is prototype pollution in set-object-value, enabling an attacker to perform DoS and potentially remote code execution by manipulating object prototypes. Connected advisories confirm this prototype...
CVE-2020-28276
CVE-2020-28276 concerns the npm package deep-set, with vulnerable versions 1.0.0–1.0.1. The root cause is a prototype pollution flaw where the function deepSet() may assign to __proto__ without validating object types, enabling an attacker to manipulate properties and potentially cause Denial of Ser...