Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7726 | 1 Safe-object2 Project | 1 Safe-object2 | 2022-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package safe-object2 are vulnerable to Prototype Pollution via the setter function. | |||||
| CVE-2022-3847 | 1 Showing Url In Qr Code Project | 1 Showing Url In Qr Code | 2022-12-02 | N/A | 6.1 MEDIUM |
| The Showing URL in QR Code WordPress plugin through 0.0.1 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin or editor add Stored XSS payloads via a CSRF attack | |||||
| CVE-2022-3769 | 1 Ujsoftware | 1 Owm Weather | 2022-12-02 | N/A | 8.8 HIGH |
| The OWM Weather WordPress plugin before 5.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as contributor | |||||
| CVE-2022-3768 | 1 Wpsmartcontracts | 1 Wpsmartcontracts | 2022-12-02 | N/A | 8.8 HIGH |
| The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author | |||||
| CVE-2020-7736 | 1 Bmoor Project | 1 Bmoor | 2022-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| The package bmoor before 0.8.12 are vulnerable to Prototype Pollution via the set function. | |||||
| CVE-2019-0230 | 2 Apache, Oracle | 5 Struts, Communications Policy Management, Financial Services Data Integration Hub and 2 more | 2022-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. | |||||
| CVE-2021-26259 | 1 Htmldoc Project | 1 Htmldoc | 2022-12-02 | 6.8 MEDIUM | 7.8 HIGH |
| A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render_table_row(),in ps-pdf.cxx may lead to arbitrary code execution and denial of service. | |||||
| CVE-2020-7737 | 1 Safetydance Project | 1 Safetydance | 2022-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package safetydance are vulnerable to Prototype Pollution via the set function. | |||||
| CVE-2019-11810 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2022-12-02 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free. | |||||
| CVE-2020-7748 | 1 Ts.ed Project | 1 Ts.ed | 2022-12-02 | 6.8 MEDIUM | 8.1 HIGH |
| This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program. | |||||
| CVE-2020-7709 | 1 Smallpdf | 1 Json-pointer | 2022-12-02 | 6.5 MEDIUM | 7.2 HIGH |
| This affects the package json-pointer before 0.6.1. Multiple reference of object using slash is supported. | |||||
| CVE-2020-7770 | 1 Json8 Project | 1 Json8 | 2022-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| This affects the package json8 before 1.0.3. The function adds in the target object the property specified in the path, however it does not properly check the key being set, leading to a prototype pollution. | |||||
| CVE-2020-7768 | 1 Grpc | 1 Grpc | 2022-12-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition. | |||||
| CVE-2020-7766 | 1 Json-ptr Project | 1 Json-ptr | 2022-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check the key being set, leading to a prototype pollution. | |||||
| CVE-2020-7746 | 1 Chartjs | 1 Chart.js | 2022-12-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution. | |||||
| CVE-2019-4237 | 1 Ibm | 3 Infosphere Information Governance Catalog, Infosphere Information Server, Infosphere Information Server On Cloud | 2022-12-02 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419. | |||||
| CVE-2019-4249 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2022-12-02 | 3.5 LOW | 5.4 MEDIUM |
| IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159647. | |||||
| CVE-2019-4235 | 1 Ibm | 1 Pureapplication System | 2022-12-02 | 5.0 MEDIUM | 7.5 HIGH |
| IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417. | |||||
| CVE-2019-4234 | 1 Ibm | 1 Pureapplication System | 2022-12-02 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416. | |||||
| CVE-2020-28269 | 1 Exodus | 1 Field | 2022-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'field' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution. | |||||