Total
32 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15256 | 1 Object-path Project | 1 Object-path | 2024-08-04 | 7.7 High |
| A prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method. The vulnerability is limited to the `includeInheritedProps` mode (if version >= 0.11.0 is used), which has to be explicitly enabled by creating a new instance of `object-path` and setting the option `includeInheritedProps: true`, or by using the default `withInheritedProps` instance. The default operating mode is not affected by the vulnerability if version >= 0.11.0 is used. Any usage of `set()` in versions < 0.11.0 is vulnerable. The issue is fixed in object-path version 0.11.5 As a workaround, don't use the `includeInheritedProps: true` options or the `withInheritedProps` instance if using a version >= 0.11.0. | ||||
| CVE-2020-8268 | 1 Json8-merge-patch Project | 1 Json8-merge-patch | 2024-08-04 | 7.5 High |
| Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor. | ||||
| CVE-2020-8147 | 1 Utils-extend Project | 1 Utils-extend | 2024-08-04 | 9.8 Critical |
| Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using utils-extend. | ||||
| CVE-2020-8116 | 2 Dot-prop Project, Redhat | 4 Dot-prop, Enterprise Linux, Rhel Eus and 1 more | 2024-08-04 | 7.3 High |
| Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects. | ||||
| CVE-2020-8158 | 1 Typeorm | 1 Typeorm | 2024-08-04 | 9.8 Critical |
| Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks. | ||||
| CVE-2021-42701 | 1 Azeotech | 1 Daqfactory | 2024-08-04 | 5 Medium |
| An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain credentials and take over the user’s cloud account. | ||||
| CVE-2021-37177 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-08-04 | 6.5 Medium |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The status provided by the syslog clients managed by the affected software can be manipulated by an unauthenticated attacker in the same network of the affected system. | ||||
| CVE-2021-37193 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-08-04 | 4.3 Medium |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could manipulate certain parameters and set a valid user of the affected software as invalid (or vice-versa). | ||||
| CVE-2021-24046 | 1 Ray-ban | 8 Stories Rw4002 601\/71 50-22, Stories Rw4002 601\/71 50-22 Firmware, Stories Rw4003 65582v 48-23 and 5 more | 2024-08-03 | 5.3 Medium |
| A logic flaw in Ray-Ban® Stories device software allowed some parameters like video capture duration limit to be modified through the Facebook View application. This issue affected versions of device software before 2107460.6810.0. | ||||
| CVE-2022-21824 | 5 Debian, Netapp, Nodejs and 2 more | 16 Debian Linux, Oncommand Insight, Oncommand Workflow Automation and 13 more | 2024-08-03 | 8.2 High |
| Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null protoype for the object these properties are being assigned to. | ||||
| CVE-2022-2390 | 1 Google | 1 Google Play Services Software Development Kit | 2024-08-03 | 6.1 Medium |
| Apps developed with Google Play Services SDK incorrectly had the mutability flag set to PendingIntents that were passed to the Notification service. As Google Play services SDK is so widely used, this bug affects many applications. For an application affected, this bug will let the attacker, gain the access to all non-exported providers and/or gain the access to other providers the victim has permissions. We recommend upgrading to version 18.0.2 of the Play Service SDK as well as rebuilding and redeploying apps. | ||||
| CVE-2023-2904 | 1 Hidglobal | 1 Safe | 2024-08-02 | 7.3 High |
| The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface (API). An attacker could log in using account credentials available through a request generated by an internal user and then manipulate the visitor-id within the web API to access the personal data of other users. There is no limit on the number of requests that can be made to the HID SAFE Web Server, so an attacker could also exploit this vulnerability to create a denial-of-service condition. | ||||