|
195221
|
6.5 |
MEDIUM
Network
|
llhttp oracle debian
|
llhttp graalvm debian_linux
|
The parse function in llhttp < 2.1.4 and < 6.0.6 ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
|
CWE-444
HTTP Request Smuggling
|
CVE-2021-22960
|
2024-11-21 14:51 |
2021-11-4 |
|
|
|
|
195222
|
6.1 |
MEDIUM
Network
|
tempura_project
|
tempura
|
This affects the package tempura before 0.4.0. If the input to the esc function is of type object (i.e. an array) it is returned without being escaped/sanitized, leading to a potential Cross-Site Scri…
|
CWE-79
Cross-site Scripting
|
CVE-2021-23784
|
2024-11-21 14:51 |
2021-11-4 |
|
|
|
|
195223
|
9.8 |
CRITICAL
Network
|
dotty_project
|
dotty
|
This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays.
|
CWE-843
Type Confusion
|
CVE-2021-23624
|
2024-11-21 14:51 |
2021-11-4 |
|
|
|
|
195224
|
9.8 |
CRITICAL
Network
|
json-ptr_project
|
json-ptr
|
This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays.
|
CWE-843
Type Confusion
|
CVE-2021-23509
|
2024-11-21 14:51 |
2021-11-4 |
|
|
|
|
195225
|
6.1 |
MEDIUM
Network
|
bootstrap-table
|
bootstrap_table
|
This affects versions before 1.19.1 of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an arra…
|
CWE-843
Type Confusion
|
CVE-2021-23472
|
2024-11-21 14:51 |
2021-11-4 |
|
|
|
|
195226
|
9.8 |
CRITICAL
Network
|
jsonpointer_project
|
jsonpointer
|
This affects all versions of package json-pointer. A type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays.
|
CWE-843
Type Confusion
|
CVE-2021-23820
|
2024-11-21 14:51 |
2021-11-4 |
|
|
|
|
195227
|
7.8 |
HIGH
Local
|
mcafee
|
total_protection
|
Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a spe…
|
CWE-269
Improper Privilege Management
|
CVE-2021-23877
|
2024-11-21 14:51 |
2021-10-27 |
|
|
|
|
195228
|
7.5 |
HIGH
Network
|
trendmicro
|
apex_one worry-free_business_security worry-free_business_security_services
|
A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations.
|
CWE-476
NULL Pointer Dereference
|
CVE-2021-23139
|
2024-11-21 14:51 |
2021-10-21 |
|
|
|
|
195229
|
9.8 |
CRITICAL
Network
|
binaryops
|
x-assign
|
This affects all versions of package x-assign. The global proto object can be polluted using the __proto__ object.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2021-23452
|
2024-11-21 14:51 |
2021-10-20 |
|
|
|
|
195230
|
10.0 |
CRITICAL
Network
|
vm2_project
|
vm2
|
This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2021-23449
|
2024-11-21 14:51 |
2021-10-19 |
|
|
|