A vulnerability in the Resultant Set of Policy (RSoP) component of Windows operating systems allows attackers to escalate their privileges.
The vulnerability in the Resultant Set of Policy (RSoP) component of Windows operating systems stems from operations performed outside the bounds of a memory buffer. Exploiting this vulnerability can allow an attacker to escalate their privileges through a specially crafted application...
DEBIAN-CVE-2020-25559
gnuplot 5.5 is affected by a double free when executing print_set_output. This may result in context-dependent arbitrary code execution...
UBUNTU-CVE-2020-25559
gnuplot 5.5 is affected by a double free when executing print_set_output. This may result in context-dependent arbitrary code execution...
ModSecurity 3.0.x Denial Of Service Vulnerability
ModSecurity version 3.0.x suffers from a denial of service vulnerability due to the handling of regular expression matching. ModSecurity version 3.0.x is affected by a denial of service vulnerability due to the global matching of regular expressions. The combination of a non-anchored regular...
Prototype Pollution
keyd is vulnerable to prototype pollution. The vulnerability exists because it does not prevent the __proto__ property from being set when the set function is called...
CVE-2020-0648
An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges...
A vulnerability in the Cisco Jabber Client Framework for Windows software stems from a failure to neutralize special elements used in operating system commands. This allows a perpetrator to execute arbitrary code.
The vulnerability in the Cisco Jabber Client Framework for Windows software is related to a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
USN-4490-1 xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04 vulnerability
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XkbSetNames function. A local attacker could possibly use this issue to escalate privileges...
PT-2020-3911 · Microsoft · Windows Rsop Service Application +1
Name of the Vulnerable Software and Affected Versions: Windows RSoP Service Application (affected versions not specified). Description: An elevation of privilege issue exists due to improper memory handling by the Windows RSoP Service Application. To exploit this, an attacker must first gain executi...
Prototype Pollution in reggae
All versions of reggae are vulnerable to prototype pollution. The function set does not restrict the modification of an Object's prototype, which may allow a malicious user to add or modify an existing property that will exist on all objects. Recommendation: No fix is currently available. Consider usin...
Prototype Pollution
deep-get-set is vulnerable to prototype pollution. The vulnerability exists because the main function does not restrict the __proto__, constructor and prototype headers from being set in objects...
Prototype Pollution
gedi is vulnerable to prototype pollution. The vulnerability exists because it does not restrict the __proto__ header from being set through the set function...
Prototype Pollution
deeps is vulnerable to prototype pollution. The vulnerability exists because it does not restrict the __proto__ header from being set through the set function...
Killchain - A Unified Console To Perform The "Kill Chain" Stages Of Attacks
What is “Kill Chain”? From Wikipedia: The term kill chain was originally used as a military concept related to the structure of an attack; consisting of target identification, force dispatch to target, decision, order to attack the target, and finally the destruction of the target. Reconnaissance...
CVE-2020-7715
All versions of package deep-get-set are vulnerable to Prototype Pollution via the main function...
CVE-2020-7724
All versions of package tiny-conf are vulnerable to Prototype Pollution via the set function...
CVE-2020-7716
All versions of package deeps are vulnerable to Prototype Pollution via the set function...
Design/Logic Flaw
All versions of package confucious are vulnerable to Prototype Pollution via the set function...
CVE-2020-7727
Affected software: the gedi package (JavaScript). Vulnerability: Prototype Pollution via the set function. Root cause: unsafe handling of object property paths in set, enabling pollution of Object.prototype under certain inputs. Impact (as stated in related advisories): potential for DoS or remot...
CVE-2020-7714 Prototype Pollution
All versions of package confucious are vulnerable to Prototype Pollution via the set function...