9419 matches found
Prototype Pollution
Overview: gedi is an evented data API. Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC: `const gedi = require('gedi'); try { gedi.set('__proto__/polluted', true); } catch (e) {} console.log(polluted);` Details: Prototype Pollution is a vulnerability affecting JavaScript...
Prototype Pollution
Overview: tiny-conf is a Node.js configuration with files, environment variables, command-line arguments, ... pluggable architecture in order to work in the browser & server-side. Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC: const tinyConf =...
Prototype Pollution
Overview: safetydance is an exception-safety package for node.js. Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC: `const safetydance = require('safetydance'); safetydance.set({}, '__proto__.polluted', true); console.log(polluted); // true` Details: Prototype Pollution is a...
Prototype Pollution
Overview: @irrelon/path is a powerful JSON path processor. Allows you to drill into and manipulate JSON objects with a simple dot-delimited path format, e.g. "obj.name". Affected versions of this package are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions. POC...
Prototype Pollution
Overview: irrelon-path is a powerful JSON path processor. Allows you to drill into and manipulate JSON objects with a simple dot-delimited path format, e.g. "obj.name". Affected versions of this package are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions. POC:...
Prototype Pollution
Overview: deeps provides highly performant utilities to manage deeply nested objects: get, set, merge, flatten, diff etc. Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC: `const deeps = require('deeps'); deeps.set({}, '__proto__.polluted', true);`...
Prototype Pollution
Overview: deep-get-set sets and gets values on objects via dot-notation strings. Affected versions of this package are vulnerable to Prototype Pollution via the main function. POC: const deep = require'deep-get-set'; deep, 'proto', 'polluted', true; console.logpolluted; Details: Prototype...
Prototype Pollution
Overview: confucious is an app configuration management package. Kind of like nconf, but easier to use, predictable and more flexible. Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC: `const confucious = require('confucious'); confucious.set('__proto__:polluted',`...
Prototype Pollution
Overview: bmoor is a basic foundation for other libraries, establishing useful patterns, and letting them be more. Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC: `const bmoor = require('bmoor'); bmoor.set({}, "__proto__.polluted", true);`...
The vulnerability of the `vhost_user_set_log_base` function in libraries and drivers for fast packet processing in DPDK allows attackers to access sensitive data, compromise its integrity, and cause service failures.
The vulnerability of the `vhost_user_set_log_base` function in libraries and drivers for fast packet processing in DPDK lies in a potential integer overflow. Exploiting this vulnerability could allow an attacker to access confidential data, compromise its integrity, and even cause service failures...
Quiz and Survey Master < 7.0.1 - Arbitrary File Upload
This flaw made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. Set up a quiz that accepts file uploads, then upload a file and change the content-type to one set as approved. `history.pushState('', '', '/') function submitRequest() { var xhr = new`...
PT-2020-14195 · Coreos +3 · Etcd +3
Name of the Vulnerable Software and Affected Versions: etcd versions 3.3.23 and earlier etcd versions 3.4.10 and earlier Description: The issue concerns the creation of certain directory paths with restricted access permissions by using the os.MkdirAll function, which does not perform permission...
Command injection
Out of bounds read can happen in diag event set mask command handler when user provided length in the command request is less than expected length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon...
CVE-2019-14101
CVE-2019-14101 affects Qualcomm Snapdragon platforms (e.g., Auto, Compute, Connectivity, IOT, Mobile, Wearables) including APQ8009/8096 families and many MSM/SDM/QCS/SXR devices. The vulnerability is an out-of-bounds read in the diag event set mask command handler when the provided length in the ...
OSV-2020-1025 UNKNOWN READ in auto LLVMFuzzerTestOneInput::$_1::operator
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24195 Crash type: UNKNOWN READ Crash state: auto LLVMFuzzerTestOneInput::$1::operator int fuzzerinput::run set-gc.cpp...
immer:set-gc: Crash in auto LLVMFuzzerTestOneInput::$_1::operator
Project: https://github.com/arximboldi/immer.git Detailed Report: https://oss-fuzz.com/testcase?key=5128215832821760 Project: immer Fuzzing Engine: libFuzzer Fuzz Target: set-gc Job Type: libfuzzerasanimmer Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x001cb02fb030 Crash State: aut...
Prototype Pollution in lodash
Versions of lodash prior to 4.17.19 are vulnerable to Prototype Pollution. The functions pick, set, setWith, update, updateWith, and zipObjectDeep allow a malicious user to modify the prototype of Object if the property identifiers are user-supplied. Being affected by this issue requires...
The vulnerability of the mwifiex_set_uap_rates() function in the Linux operating system’s Wi-Fi Marvell driver allows a hacker to cause a service failure or execute arbitrary code.
The vulnerability of the mwifiex_set_uap_rates() function in the Linux operating system’s Wi-Fi Marvell driver is related to buffer overflow vulnerabilities. Exploiting this vulnerability can allow an attacker to cause a service failure or execute arbitrary code...
The vulnerability of the mwifiex_set_wmm_params() function in the Linux operating system’s Wi-Fi Marvell driver allows a hacker to cause a service failure or execute arbitrary code.
The vulnerability of the mwifiex_set_wmm_params() function in the Linux operating system’s Wi-Fi Marvell driver is related to buffer overflow vulnerabilities. Exploiting this vulnerability can allow an attacker to cause a service failure or execute arbitrary code...
The vulnerability of the EKOM-3000 data collection and transmission device, related to the use of pre-set account data, allows a perpetrator to gain access to the device.
The vulnerability of the ECOM-3000 data collection and transmission device is related to the use of pre-set credentials. Exploiting this vulnerability could allow a remote attacker to gain access to the device...