53 matches found
CVE-2020-7721 Prototype Pollution
All versions of package node-oojs are vulnerable to Prototype Pollution via the setPath function...
CVE-2020-7721
CVE-2020-7721 affects node-oojs; vulnerable to Prototype Pollution via the setPath function. Affected: versions prior to 1.4.1 (up to 1.4.0 per advisories). Impact includes potential manipulation of Object.prototype, enabling outcomes like DoS or remote code execution in some scenarios. Remediati...
PT-2020-6071 · Node.Js · Node-Forge
Name of the Vulnerable Software and Affected Versions: node-forge versions prior to 0.10.0. Description: The issue is related to Prototype Pollution via the util.setPath function. This can allow a remote attacker to implement a prototype pollution attack by modifying object attributes...
PT-2020-19742 · Npm · Node-Oojs
Name of the Vulnerable Software and Affected Versions: node-oojs versions prior to 1.4.1. Description: The issue concerns Prototype Pollution via the setPath function. This allows for potential manipulation of object properties, which could lead to various security issues. Recommendations: For...
Prototype Pollution
Overview: node-oojs is an Object Oriented JavaScript. Affected versions of this package are vulnerable to Prototype Pollution via the setPath function. POC: require('node-oojs'); oojs.setPath({'__proto__.polluted': true}); console.log(polluted); Details: Prototype Pollution is a vulnerability affecting JavaScrip...
Prototype Pollution
Overview: node-forge is a JavaScript implementation of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Prototype Pollution via the util.setPath function. Note: version 0.10.0 is a breaking change removing...
PT-2020-6993 · Python · Python
Name of the Vulnerable Software and Affected Versions: Python versions 3.6 through 3.6.10; Python versions 3.7 through 3.7.8; Python versions 3.8 through 3.8.4rc1; Python versions 3.9 through 3.9.0b4. Description: The issue is related to the use of an invalid search path for loading python3.dll after...
Google Skia Denial of Service Vulnerability
Google Skia is an open-source, C++-based graphics library from the US company Google. It can be used in Mozilla Firefox, Google Chrome and other browsers, and is also available on the Android open mobile platform. A denial of service vulnerability exists in SkRegion::setPath i...
CVE-2013-6648
SkRegion::setPath in Skia allows remote attackers to cause a denial of service (crash)...
CVE-2007-2848
Stack-based buffer overflow in the SetPath function in the shComboBox ActiveX control (shcmb80.ocx) in Sky Software Shell MegaPack ActiveX 8.0 allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown; the details are obtained solely...
CVE-2006-1366
Buffer overflow in the Motorola PEBL U6 08.83.76R, and possibly other Motorola P2K-based phones, allows remote attackers to cause a denial of service (device shutdown), and possibly execute arbitrary code, via a long OBEX setpath to the OBEX File Transfer (aka FTP) service on Bluetooth channel 9...