| 195031 | 9.8 | CRITICAL Network | json-ptr_project | json-ptr | This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays. | CWE-843 Type Confusion | CVE-2021-23509 | 2024-11-21 14:51 | 2021-11-4 |
| 195032 | 6.1 | MEDIUM Network | bootstrap-table | bootstrap_table | This affects versions before 1.19.1 of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an arra… | CWE-843 Type Confusion | CVE-2021-23472 | 2024-11-21 14:51 | 2021-11-4 |
| 195033 | 9.8 | CRITICAL Network | jsonpointer_project | jsonpointer | This affects all versions of package json-pointer. A type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays. | CWE-843 Type Confusion | CVE-2021-23820 | 2024-11-21 14:51 | 2021-11-4 |
| 195034 | 7.8 | HIGH Local | mcafee | total_protection | Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a spe… | CWE-269 Improper Privilege Management | CVE-2021-23877 | 2024-11-21 14:51 | 2021-10-27 |
| 195035 | 7.5 | HIGH Network | trendmicro | apex_one worry-free_business_security worry-free_business_security_services | A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations. | CWE-476 NULL Pointer Dereference | CVE-2021-23139 | 2024-11-21 14:51 | 2021-10-21 |
| 195036 | 9.8 | CRITICAL Network | binaryops | x-assign | This affects all versions of package x-assign. The global proto object can be polluted using the __proto__ object. | CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2021-23452 | 2024-11-21 14:51 | 2021-10-20 |
| 195037 | 10.0 | CRITICAL Network | vm2_project | vm2 | This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine. | CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2021-23449 | 2024-11-21 14:51 | 2021-10-19 |
| 195038 | 9.8 | CRITICAL Network | glasswire | glasswire | A code injection vulnerability exists within the firewall software of GlassWire v2.1.167 that could lead to arbitrary code execution from a file in the user path on first execution. | CWE-94 Code Injection | CVE-2021-22961 | 2024-11-21 14:51 | 2021-10-18 |
| 195039 | 6.1 | MEDIUM Network | fastify | fastify-static | A redirect vulnerability in the fastify-static module version < 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000… | CWE-601 Open Redirect | CVE-2021-22963 | 2024-11-21 14:51 | 2021-10-15 |
| 195040 | 8.8 | HIGH Network | fastify | fastify-static | A redirect vulnerability in the `fastify-static` module version >= 4.2.4 and < 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash `//` followed b… | CWE-601 Open Redirect | CVE-2021-22964 | 2024-11-21 14:51 | 2021-10-15 |