Lucene search
K

54 matches found

UbuntuCve
UbuntuCve
added 2022/01/14 8:15 p.m.41 views

CVE-2021-23566

The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf function which allows to reproduce the last id generated...

5.5CVSS6.8AI score0.0044EPSS
Exploits1References6
CVE
CVE
added 2022/01/14 8:5 p.m.252 views

CVE-2021-23566

CVE-2021-23566 affects nanoid versions 3.0.0 through before 3.1.31, where Information Exposure is possible via valueOf(), allowing reproduction of the last generated ID. Root cause is an information disclosure in valueOf(). Remediation: upgrade to nanoid 3.1.31 or later (the fixed version). Note:...

5.5CVSS5AI score0.0044EPSS
Exploits1References7Affected Software1
Debian CVE
Debian CVE
added 2022/01/14 8:5 p.m.15 views

CVE-2021-23566

The package nanoid from 3.0.0 and before 3.1.31 are vulnerable to Information Exposure via the valueOf function which allows to reproduce the last id generated...

5.5CVSS6.9AI score0.0044EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2022/01/14 12:0 a.m.5 views

PT-2022-9413 · Nanoid · Nanoid

Name of the Vulnerable Software and Affected Versions: nanoid versions 3.0.0 through 3.1.30 Description: The issue allows for Information Exposure via the valueOf function, enabling the reproduction of the last generated id. Recommendations: For nanoid versions 3.0.0 through 3.1.30, update to...

5.5CVSS7.6AI score0.00822EPSS
Exploits1References26
CNNVD
CNNVD
added 2022/01/14 12:0 a.m.3 views

nanoid 代码问题漏洞

nanoid is a small, secure, URL-friendly, unique string ID generator for JavaScript. nanoid is vulnerable, stemming from nanoid's vulnerability to information exposure via the valueOf function, which allows the last generated id to be reproduced. no details of the vulnerability are currently...

5.5CVSS5.5AI score0.0044EPSS
Exploits1References15
Snyk
Snyk
added 2022/01/11 1:2 p.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the valueOf function which allows to reproduce the last id generated. PoC javascript import nanoid from 'nanoid'; const makeProxyNumberToReproducePreviousID = = let step = 0; return valueOf // // if !pool ||...

5.5CVSS9.3AI score0.0044EPSS
Exploits1References2
Veracode
Veracode
added 2019/01/15 8:59 a.m.31 views

Cross-site Scripting (XSS)

Mozilla Firefox and Thunderbird is vulnerable to cross-site scripting XSS. The use of valueOf method to shadow the location object window.location is not prevented, allowing for remote attackers to inject arbitrary Javascript into a victim's web browser via a malicious plugin...

4.3CVSS8.6AI score0.02835EPSS
Exploits1References21Affected Software3
seebug.org
seebug.org
added 2017/04/19 12:0 a.m.30 views

Microsoft Edge: Use-after-free in TypedArray.sort(CVE-2016-7288)

There is a use-after-free in the TypedArray. sort. In TypedArrayCompareElementsHelper https://chromium.googlesource.com/external/github.com/Microsoft/ChakraCore/+/TimeTravelDebugging/lib/Runtime/Library/TypedArray.cpp, the comparison function is called with the following code: Var retVal =...

7.6CVSS7.8AI score0.70354EPSS
Exploits2
exploitpack
exploitpack
added 2015/12/18 12:0 a.m.12 views

Adobe Flash TextField.thickness Setter - Use-After-Free

Adobe Flash TextField.thickness Setter - Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=587 There is a use-after-free in the TextField thickness setter. If the thickness parameter is an object with valueOf set to a function which frees the TextField...

Exploits0
Exploit DB
Exploit DB
added 2015/12/18 12:0 a.m.29 views

Adobe Flash TextField.tabIndex Setter - Use-After-Free

Source: https://code.google.com/p/google-security-research/issues/detail?id=574 There is a use-after-free in the TextField.tabIndex setter. If the integer parameter is an object with valueOf defined, then it can free the TextField's parent, leading to a use-after-free. A minimal PoC follows: var...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2015/12/18 12:0 a.m.21 views

Adobe Flash MovieClip.attachMovie - Use-After-Free

Source: https://code.google.com/p/google-security-research/issues/detail?id=571 There is a use-after-free in MovieClip.attachMovie. If a string parameter has toString defined, a number parameter has valueOf defined or an object parameter has its constructor redefined, it can execute code and free...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2015/12/18 12:0 a.m.20 views

Adobe Flash Selection.SetSelection - Use-After-Free

Source: https://code.google.com/p/google-security-research/issues/detail?id=590 There is a use-after-free in Selection.SetSelection. If it is called with a number parameter, which is an object with valueOf defined, and this function frees the parent of the TextField parameter, the object is used...

7AI score
Exploits0
0day.today
0day.today
added 2015/12/18 12:0 a.m.22 views

Adobe Flash MovieClip.startDrag - Use-After-Free

Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=592 There is a use-after-free in MovieClip.startDrag. If a parameter an object with valueOf defined, this method can free the MovieClip, which is then used. A minimal POC...

10CVSS0.6AI score0.31634EPSS
Exploits1
0day.today
0day.today
added 2015/12/18 12:0 a.m.48 views

Adobe Flash TextField.tabIndex Setter - Use-After-Free

Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=574 There is a use-after-free in the TextField.tabIndex setter. If the integer parameter is an object with valueOf defined, then it can free the TextField's parent, leadi...

10CVSS0.1AI score0.43408EPSS
Exploits1
ArchLinux
ArchLinux
added 2015/07/16 12:0 a.m.50 views

lib32-flashplugin: arbitrary code execution

CVE-2015-5122 arbitrary code execution Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 AS3 implementation allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via crafted Flash content that leverages improper handling of...

10CVSS7.1AI score0.93688EPSS
Exploits5References3
Positive Technologies
Positive Technologies
added 2015/07/10 12:0 a.m.3 views

PT-2015-1512 · Adobe +3 · Flash Player +3

Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions 11.x through 11.2.202.481 Adobe Flash Player versions 12.x through 18.0.0.204 Adobe Flash Player versions 13.x through 13.0.0.302 Adobe Flash Player versions 14.x through 18.0.0.203 Description: The issue is relate...

10CVSS9.9AI score0.93688EPSS
Exploits5References49
CNVD
CNVD
added 2015/07/10 12:0 a.m.6 views

Adobe Flash Player ActionScript 3 Memory Misreference Vulnerability

Adobe Flash Player is a cross-platform, browser-based multimedia player product from Adobe. The product supports cross-screen and browser viewing of applications, content and videos. A memory misreference vulnerability exists in the 'ByteArray' class in the ActionScript 3 AS3 implementation of...

10CVSS7.8AI score0.99344EPSS
Exploits6References1
Prion
Prion
added 2015/07/08 2:59 p.m.32 views

Design/Logic Flaw

Use-after-free vulnerability in the ByteArray class in the ActionScript 3 AS3 implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of...

10CVSS8.3AI score0.99344EPSS
Exploits6References16Affected Software1
OSV
OSV
added 2015/07/08 2:59 p.m.5 views

UBUNTU-CVE-2015-5119

Use-after-free vulnerability in the ByteArray class in the ActionScript 3 AS3 implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of...

9.8CVSS7.8AI score0.99344EPSS
Exploits6References8
Cvelist
Cvelist
added 2015/07/08 2:0 p.m.48 views

CVE-2015-5119

Use-after-free vulnerability in the ByteArray class in the ActionScript 3 AS3 implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of...

7.7AI score0.99344EPSS
Exploits6References16
Rows per page
Query Builder