9419 matches found

Veracode
added 2020/04/10 1:10 a.m. · 30 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). The Linux kernel's register set (regset) common infrastructure implementation did not check if the required get and set handlers were initialized, allowing a local, unprivileged user to cause a denial of service by performing a register set operation...

CVSS 7.8 · AI score 4.5 · EPSS 0.00107
Exploits: 2 · References: 16 · Affected Software: 1

Veracode
added 2020/04/10 12:31 a.m. · 41 views

Privilege Escalation

kernel is vulnerable to privilege escalation. The vulnerability exists as the exit_notify function in the Linux kernel did not properly reset the exit signal if a process executed a set user ID (setuid) application before exiting. This could allow a local, unprivileged user to elevate their privileg...

CVSS 4.4 · AI score 4.1 · EPSS 0.00259
Exploits: 1 · References: 53 · Affected Software: 2

Microsoft KB
added 2020/04/10 12:0 a.m. · 4 views

Streaming issues that are related to Microsoft Media Foundation in Windows 7

Streaming issues that are related to Microsoft Media Foundation in Windows 7 Symptoms A hotfix is available for Microsoft Media Foundation in Windows 7. This hotfix resolves the following streaming issues that relate to Media Foundation: Issue 1 You cannot stream some audio files to multiple...

AI score 5.9
Exploits: 0

Microsoft KB
added 2020/04/09 12:0 a.m. · 6 views

SQL Server data corruption when a memory range is accessed by the SetFileIoOverlappedRange function and an I/O operation in Windows Vista, in Windows Server 2008, in Windows 7, or in Windows Server 2008 R2

SQL Server data corruption when a memory range is accessed by the SetFileIoOverlappedRange function and an I/O operation in Windows Vista, in Windows Server 2008, in Windows 7, or in Windows Server 2008 R2 Symptoms Consider the following scenario: You have a computer that is running one of the...

AI score 6.8
Exploits: 0

OSV
added 2020/04/08 2:15 p.m. · 1 views

DEBIAN-CVE-2019-20636

In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7...

CVSS 6.7 · AI score 6.6 · EPSS 0.00112
Exploits: 0 · References: 1

OSV
added 2020/04/08 2:15 p.m. · 0 views

UBUNTU-CVE-2019-20636

In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7...

CVSS 6.7 · AI score 6.7 · EPSS 0.00112
Exploits: 0 · References: 6

Debian CVE
added 2020/04/08 1:58 p.m. · 57 views

CVE-2019-20636

In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7...

CVSS 7.2 · AI score 6.3 · EPSS 0.00112
Exploits: 0

Veracode
added 2020/04/08 10:49 a.m. · 17 views

Prototype Pollution

sds is vulnerable to prototype pollution. It accepts the injection of attributes to pollute the properties of the Object.prototype by the attacker using the set function in js/set.js,...

CVSS 5.3 · AI score 3.4 · EPSS 0.00318
Exploits: 1 · References: 1 · Affected Software: 1

RedhatCVE
added 2020/04/07 5:3 p.m. · 47 views

CVE-2019-10747

A flaw was found in nodejs-set-value. The function mixin-deep can be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or proto payloads. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS 9.8 · AI score 3.1 · EPSS 0.18518
Exploits: 3 · References: 3

OSV
added 2020/04/07 4:15 p.m. · 0 views

CVE-2017-18651

An issue was discovered on Samsung mobile devices with M6.x and N7.x software. There is an Integer Overflow in processMSetTokenTUIPasswd during handling of a trusted application, leading to memory corruption. The Samsung IDs are SVE-2017-9008 and SVE-2017-9009 October 2017...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 1

Prion
added 2020/04/07 2:15 p.m. · 17 views

Code injection

sds through 3.2.0 is vulnerable to Prototype Pollution. The library could be tricked into adding or modifying properties of the 'Object.prototype' by abusing the 'set' function located in 'js/set.js'...

CVSS 5 · AI score 6.1 · EPSS 0.00318
Exploits: 1 · References: 2 · Affected Software: 1

Veracode
added 2020/04/07 6:6 a.m. · 15 views

Prototype Pollution

eivindfjeldstad-dot is vulnerable to prototype pollution. The vulnerability exists as the set function can be tricked into adding or modifying properties of Object.prototype...

CVSS 5.3 · AI score 3 · EPSS 0.00326
Exploits: 1 · References: 1 · Affected Software: 1

NVD
added 2020/04/06 1:15 p.m. · 9 views

CVE-2020-7639

eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution. The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload...

CVSS 5.3 · AI score 5.2 · EPSS 0.00326
Exploits: 1 · References: 2

Prion
added 2020/04/06 1:15 p.m. · 10 views

Design/Logic Flaw

eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution. The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload...

CVSS 5 · AI score 5.2 · EPSS 0.00326
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2020/04/06 12:48 p.m. · 14 views

CVE-2020-7639

eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution. The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload...

AI score 5.2 · EPSS 0.00326
Exploits: 1 · References: 2

Positive Technologies
added 2020/04/06 12:0 a.m. · 2 views

PT-2020-19675 · Unknown · Eivindfjeldstad-Dot

Name of the Vulnerable Software and Affected Versions: eivindfjeldstad-dot versions prior to 1.0.3. Description: The issue concerns a Prototype Pollution problem. The set function can be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. This allows for potentia...

CVSS 5.3 · AI score 5.1 · EPSS 0.00326
Exploits: 1 · References: 7

Snyk
added 2020/04/05 12:0 a.m. · 1 views

Prototype Pollution

Overview: @eivifj/dot is a module that gets and sets object properties with dot notation. Affected versions of this package are vulnerable to Prototype Pollution. The function set could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. PoC: var a =...

CVSS 5.3 · AI score 6.7 · EPSS 0.00326
Exploits: 1 · References: 2

RedHat Linux
added 2020/04/01 12:27 a.m. · 1 views

dpdk: possible memory leak leads to denial of service

A flaw was found in dpdk where a malicious master, or a container with access to vhostuser socket, can send specially crafted VRINGSETNUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition...

CVSS 7.5 · AI score 7.1 · EPSS 0.01074
Exploits: 0 · References: 5

Snyk
added 2020/04/01 12:0 a.m. · 1 views

Prototype Pollution

Overview: sds is a structured data search package. Affected versions of this package are vulnerable to Prototype Pollution. The library could be tricked into adding or modifying properties of the Object.prototype by abusing the set function located in js/set.js. PoC: var root = require("sds"); var...

CVSS 5.3 · AI score 6.8 · EPSS 0.00318
Exploits: 1 · References: 2

RedHat Linux
added 2020/03/31 9:3 p.m. · 5 views

kernel: integer overflow and OOB read in drivers/block/floppy.c

A vulnerability was found in the Linux kernel’s floppy disk driver implementation. A local attacker with access to the floppy device could call set_geometry in drivers/block/floppy.c, which does not validate the sect and head fields, causing an integer overflow and out-of-bounds read. This flaw ma...

CVSS 6.8 · AI score 7.1 · EPSS 0.0005
Exploits: 0 · References: 7