
80 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-0605

Malware in sbrugna...

CVSS 5.3 | AI score 6.5 | EPSS 0.00748
Exploits 1 | References 10

Tenable Nessus
added 2025/09/10 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2016-10222

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service...

CVSS 7.5 | AI score 7.4 | EPSS 0.00464
Exploits 0 | References 2

Tenable Nessus
added 2025/09/05 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-24959

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - zx is a tool for writing better scripts. An attacker with control over environment variable values can inject unintended environment variables into process.env...

CVSS 1 | AI score 5.7 | EPSS 0.00056
Exploits 0 | References 2

CVE
added 2025/07/01 2:7 a.m. | 19 views

CVE-2024-49365

The CVE-2024-49365 issue affects tiny-secp256k1 prior to 1.1.7, where in environments using the Node buffer package, Buffer.isBuffer can be bypassed and a crafted JSON-stringifiable object could be accepted by verify(), potentially causing false-positive True values. The root cause is a vulnerabi...

CVSS 9.1 | AI score 6.6 | EPSS 0.0021
Exploits 0 | References 2

OSSF Malicious Packages
added 2025/03/28 12:59 p.m. | 2 views

Malicious code in stringify-content (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits 0

OSV
added 2025/03/28 12:59 p.m. | 2 views

MAL-2025-2899 Malicious code in stringify-content (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits 0

OSSF Malicious Packages
added 2025/03/12 2:59 a.m. | 3 views

Malicious code in stringify-bytes32 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4369c15f1dad991e9ececa49c5f3944e2b59ae8c42fa6d11366c1bb8d723de69 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 | References 3

OSV
added 2025/03/12 2:59 a.m. | 2 views

MAL-2025-2333 Malicious code in stringify-bytes32 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4369c15f1dad991e9ececa49c5f3944e2b59ae8c42fa6d11366c1bb8d723de69 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 | References 3

OSV
added 2025/02/03 10:34 p.m. | 3 views

GHSA-QWP8-X4FF-5H87 ZX Allows Environment Variable Injection for dotenv API

Impact This vulnerability is an Environment Variable Injection issue in dotenv.stringify, affecting google/zx version 8.3.1. An attacker with control over environment variable values can inject unintended environment variables into process.env. This can lead to arbitrary command execution or...

CVSS 5.2 | AI score 5.8 | EPSS 0.00056
Exploits 0 | References 6

OSV
added 2025/02/03 9:15 p.m. | 3 views

UBUNTU-CVE-2025-24959

zx is a tool for writing better scripts. An attacker with control over environment variable values can inject unintended environment variables into process.env. This can lead to arbitrary command execution or unexpected behavior in applications that rely on environment variables for...

CVSS 1 | AI score 6.1 | EPSS 0.00056
Exploits 0 | References 4

Positive Technologies
added 2025/02/03 12:0 a.m. | 3 views

PT-2025-5603 · Zx +1 · Zx +1

Name of the Vulnerable Software and Affected Versions: zx versions prior to 8.3.2 Description: An attacker with control over environment variable values can inject unintended environment variables into process.env. This can lead to arbitrary command execution or unexpected behavior in application...

CVSS 5.2 | AI score 7.6 | EPSS 0.00056
Exploits 0 | References 12

OSV
added 2024/11/22 8:40 p.m. | 0 views

GHSA-PQHP-25J4-6HQ9 smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables

Summary An attacker can send a maliciously crafted TOML to cause the parser to crash because of a stack overflow caused by a deeply nested inline structure. A similar problem occurs when attempting to stringify deeply nested objects. The library does not limit the maximum exploration depth while...

CVSS 5.3 | AI score 6.1
Exploits 0 | References 3

OSV
added 2024/01/02 11:15 p.m. | 1 views

UBUNTU-CVE-2023-49552

An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjsopjsonstringify function in the msj.c file...

CVSS 7.5 | AI score 5.8 | EPSS 0.00453
Exploits 1 | References 2

CNNVD
added 2024/01/02 12:0 a.m. | 3 views

Cesanta MJS Security Vulnerability

Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. Designed for microcontrollers with limited resources. The main design goals were a small footprint and simple C/C++ interoperability. Cesanta MJS has a denial of service vulnerability that can be exploited by an attacker...

CVSS 7.5 | AI score 6.7 | EPSS 0.00453
Exploits 1 | References 2

Positive Technologies
added 2024/01/02 12:0 a.m. | 2 views

PT-2024-13745 · Cesanta · Mjs

Name of the Vulnerable Software and Affected Versions: Cesanta mjs version 2.20.0 Description: An Out of Bounds Write in Cesanta mjs allows a remote attacker to cause a denial of service via the mjs op json stringify function in the msj.c file. Recommendations: For Cesanta mjs version 2.20.0,...

CVSS 7.5 | AI score 7.4 | EPSS 0.00453
Exploits 1 | References 11

IBM Security Bulletins
added 2023/05/15 6:52 p.m. | 44 views

Security Bulletin: Open Source Dependency Vulnerability

Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2021-23346 DESCRIPTION: Node.js html-parse-stringify and html-parse-stringify2 modules are vulnerable to a denial of service, caused by a regular expression denial of service ReDoS. By sending...

CVSS 5.3 | AI score 5.3 | EPSS 0.00748
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2023/03/31 2:17 p.m. | 49 views

Security Bulletin: Multiple vulnerabilities in software used in node.js affect Cloud Pak System

Summary Multiple vulnerabilities found in follow-redirect, html-parse-stringify2, nth-check, pycrypto affect Cloud Pak System. IBM Cloud Pak System has addressed those vulnerabilities. Vulnerability Details CVEID:CVE-2021-23346 DESCRIPTION: Node.js html-parse-stringify and html-parse-stringify2...

AI score 9.1 | EPSS 0.13624
Exploits 9 | Affected Software 1

SUSE CVE
added 2023/02/15 5:55 a.m. | 3 views

SUSE CVE-2011-0055

Use-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via unspecified vectors related to the jsHasOwnProperty function and garbage...

CVSS 10 | AI score 8 | EPSS 0.03375
Exploits 0 | References 5

SUSE CVE
added 2023/02/15 4:53 a.m. | 2 views

SUSE CVE-2016-10222

runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service segmentation violation and application crash via crafted JavaScript code that triggers a "type confusion" in the JSON.stringify function...

CVSS 7.5 | AI score 6.9 | EPSS 0.00464
Exploits 0 | References 3

ATTACKERKB
added 2022/01/27 9:15 p.m. | 4 views

CVE-2021-46554

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjsjsonstringify at src/mjsjson.c. This vulnerability can lead to a Denial of Service DoS...

CVSS 5.5 | AI score 5.9 | EPSS 0.00138
Exploits 1 | References 2