
9419 matches found

CVE
added 2020/09/01 9:20 a.m. · 51 views

CVE-2020-7714

CVE-2020-7714 affects the npm package confucious via Prototype Pollution in the set function. Affected versions are reported as prior to 0.0.13 (PT-2020-19736), with Snyk listing up to 0.0.12; multiple sources reiterate vulnerability across versions. Root cause is unsafe merging / path-based assi...

9.8 CVSS · 9.5 AI score · 0.0041 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2020/09/01 9:20 a.m. · 15 views

CVE-2020-7715 Prototype Pollution

All versions of package deep-get-set are vulnerable to Prototype Pollution via the main function...

9.8 CVSS · 8.6 AI score · 0.00795 EPSS
Exploits 1 · References 1
CVE
added 2020/09/01 9:20 a.m. · 64 views

CVE-2020-7715

CVE-2020-7715 affects the npm package deep-get-set. The vulnerability is a prototype pollution flaw in the main function, arising from an incomplete fix, allowing an attacker to pollute Object.prototype (e.g., via the key path "__proto__" or related paths). Affected versions are those before the re...

9.8 CVSS · 8.5 AI score · 0.00795 EPSS
Exploits 1 · References 1 · Affected Software 1
CVE
added 2020/09/01 9:20 a.m. · 46 views

CVE-2020-7716

CVE-2020-7716 affects the npm package deeps and is a prototype pollution vulnerability via the set function. Public sources describe affected versions as older than 1.4.6 (GHSA: all versions up to 1.4.5; PT-2020-19738 states prior to 1.4.6). Root cause: unsafe handling in object merging/set that ...

9.8 CVSS · 9.5 AI score · 0.00448 EPSS
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2020/09/01 12:00 a.m. · 10 views

PT-2020-19738 · Deeps · Deeps

Name of the Vulnerable Software and Affected Versions: deeps versions prior to 1.4.6 Description: The issue concerns Prototype Pollution via the set function. This allows for potential manipulation of object properties, which could lead to various security issues. Recommendations: For versions...

9.8 CVSS · 9.5 AI score · 0.00448 EPSS
Exploits 1 · References 3
Positive Technologies
added 2020/09/01 12:00 a.m. · 2 views

PT-2020-19737 · Npm · Deep-Get-Set

Name of the Vulnerable Software and Affected Versions: deep-get-set versions prior to 1.1.1 Description: The issue concerns Prototype Pollution via the main function. Recommendations: For versions prior to 1.1.1, update to version 1.1.1 or later to resolve the issue...

9.8 CVSS · 9.3 AI score · 0.00795 EPSS
Exploits 1 · References 4
Positive Technologies
added 2020/09/01 12:00 a.m. · 4 views

PT-2020-19745 · Tiny-Conf · Tiny-Conf

Name of the Vulnerable Software and Affected Versions: tiny-conf versions prior to 1.1.1 are not mentioned; however, all versions up to and including 1.1.0 are vulnerable, so: tiny-conf versions up to and including 1.1.0 Description: The issue is related to Prototype Pollution via the set function...

9.8 CVSS · 9.2 AI score · 0.00386 EPSS
Exploits 1 · References 4
Positive Technologies
added 2020/09/01 12:00 a.m. · 2 views

PT-2020-19736 · Unknown · Confucious

Name of the Vulnerable Software and Affected Versions: confucious versions prior to 0.0.13 Description: The issue concerns Prototype Pollution via the set function. This allows for potential manipulation of object properties, which can lead to various security issues. Recommendations: For version...

9.8 CVSS · 9.5 AI score · 0.0041 EPSS
Exploits 1 · References 3
Positive Technologies
added 2020/09/01 12:00 a.m. · 3 views

PT-2020-19748 · Gedi · Gedi

Name of the Vulnerable Software and Affected Versions: gedi versions prior to 1.6.4 Description: The issue concerns Prototype Pollution via the set function. This allows for potential manipulation of object properties, which can lead to various security issues. Recommendations: For versions prior...

9.8 CVSS · 9.5 AI score · 0.00386 EPSS
Exploits 1 · References 3
Prion
added 2020/08/31 3:15 p.m. · 12 views

Code injection

The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to modify the data delivered to the client...

4.3 CVSS · 5.6 AI score · 0.00161 EPSS
Exploits 1 · References 1 · Affected Software 2
Prion
added 2020/08/31 3:15 p.m. · 11 views

Hardcoded credentials

THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol...

7.2 CVSS · 7.5 AI score · 0.00047 EPSS
Exploits 1 · References 1 · Affected Software 2
OSV
added 2020/08/30 10:15 p.m. · 1 view

CVE-2020-24104

XSS on the PIX-Link Repeater/Router LV-WR07 with firmware v28K.Router.20170904 allows attackers to steal credentials without being connected to the network. The attack vector is a crafted ESSID, as demonstrated by the wireless.htm SET2 parameter...

6.1 CVSS · 6.4 AI score · 0.0024 EPSS
Exploits 1 · References 1
HackRead
added 2020/08/28 3:33 p.m. · 22 views

Flaws expose DVB-T2 set-top boxes to botnet & ransomware attacks

By Sudais Asif. Two popular DVB-T2 set-top boxes are vulnerable to both botnet and ransomware attacks. This is a post from HackRead.com. Read the original post: Flaws expose DVB-T2 set-top boxes to botnet & ransomware attacks...

7 AI score
Exploits 0
Veracode
added 2020/08/21 1:05 a.m. · 14 views

Prototype Pollution

object-path-set is vulnerable to prototype pollution. The vulnerability exists because it does not prevent the __proto__ property from being set in the object through the constructor...

1.6 AI score
Exploits 0
OSV
added 2020/08/20 1:17 a.m. · 1 view

CVE-2020-15637

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

3.3 CVSS · 6.4 AI score · 0.0176 EPSS
Exploits 0 · References 2
CNVD
added 2020/08/19 12:00 a.m. · 3 views

D-Link DIR-822 Buffer Overflow Vulnerability

The D-Link DIR-822 is an AC1200 Wi-Fi router. A buffer overflow vulnerability exists in the D-Link DIR-822 v.202KRb06 and earlier versions. An attacker can exploit this vulnerability to cause a buffer overflow via the long MacAddress data in the /HNAP1/SetClientInfo HNAP protocol message...

9.8 CVSS · 7.3 AI score · 0.01357 EPSS
Exploits 1 · References 1
OSV
added 2020/08/18 3:15 p.m. · 17 views

CVE-2020-7708

The package irrelon-path before 4.7.0; the package @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions...

9.8 CVSS · 6.8 AI score
Exploits 0 · References 3
CVE
added 2020/08/18 2:35 p.m. · 49 views

CVE-2020-7708

CVE-2020-7708 affects the Node.js packages named in the report: irrelon-path and @irrelon/path, specifically versions prior to 4.7.0. The vulnerability is a Prototype Pollution flaw exposed through the set, unSet, pushVal, and pullVal functions, allowing an attacker to modify object prototypes an...

9.8 CVSS · 9.5 AI score · 0.01085 EPSS
Exploits 1 · References 3 · Affected Software 2
Positive Technologies
added 2020/08/18 12:00 a.m. · 3 views

PT-2020-11202 · D Link · D-Link Dir-822

Name of the Vulnerable Software and Affected Versions: D-Link DIR-822 Rev.Bx devices with firmware version 202KRb06 and older Description: The issue concerns a buffer overflow that can occur when handling long MacAddress data in a "HNAP1/SetClientInfo" HNAP protocol message. This message is...

9.8 CVSS · 9.6 AI score · 0.01357 EPSS
Exploits 1 · References 3
Snyk
added 2020/08/17 3:06 p.m. · 4 views

Prototype Pollution

Overview jsonpointer is a Simple JSON Addressing. Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC by NerdJS: const jsonpointer = require('jsonpointer'); jsonpointer.set({}, '/__proto__/polluted', true); console.log(polluted); Details Prototype Pollution is a...

9.8 CVSS · 6.6 AI score
Exploits 0 · References 2