Export limit exceeded: 361517 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45725 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-23964 | 2 Mozilla, Redhat | 5 Firefox, Firefox Esr, Thunderbird and 2 more | 2024-11-21 | 8.8 High |
| Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7. | ||||
| CVE-2021-23955 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.1 Medium |
| The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85. | ||||
| CVE-2021-23851 | 1 Bosch | 136 Autodome 7000, Autodome 7000 Firmware, Autodome Ip 4000 Hd and 133 more | 2024-11-21 | 6.8 Medium |
| A specially crafted TCP/IP packet may cause the camera recovery image web interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware. | ||||
| CVE-2021-23850 | 1 Bosch | 136 Autodome 7000, Autodome 7000 Firmware, Autodome Ip 4000 Hd and 133 more | 2024-11-21 | 6.8 Medium |
| A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware. | ||||
| CVE-2021-23771 | 2 Argencoders-notevil Project, Notevil Project | 2 Argencoders-notevil, Notevil | 2024-11-21 | 6.5 Medium |
| This affects all versions of package notevil; all versions of package argencoders-notevil. It is vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing an attacker to add or modify an object's prototype. **Note:** This vulnerability derives from an incomplete fix in [SNYK-JS-NOTEVIL-608878](https://security.snyk.io/vuln/SNYK-JS-NOTEVIL-608878). | ||||
| CVE-2021-23760 | 1 Keyget Project | 1 Keyget | 2024-11-21 | 5.6 Medium |
| The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-28272](https://security.snyk.io/vuln/SNYK-JS-KEYGET-1048048) | ||||
| CVE-2021-23702 | 1 Object-extend Project | 1 Object-extend | 2024-11-21 | 7.6 High |
| The package object-extend from 0.0.0 are vulnerable to Prototype Pollution via object-extend. | ||||
| CVE-2021-23700 | 1 Merge-deep2 Project | 1 Merge-deep2 | 2024-11-21 | 6.5 Medium |
| All versions of package merge-deep2 are vulnerable to Prototype Pollution via the mergeDeep() function. | ||||
| CVE-2021-23682 | 2 Appwrite, Litespeed.js Project | 2 Appwrite, Litespeed.js | 2024-11-21 | 7.3 High |
| This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key that is set in the result object is not properly sanitized leading to a Prototype Pollution vulnerability. | ||||
| CVE-2021-23663 | 1 Sey Project | 1 Sey | 2024-11-21 | 6.5 Medium |
| All versions of package sey are vulnerable to Prototype Pollution via the deepmerge() function. | ||||
| CVE-2021-23654 | 1 Html-to-csv Project | 1 Html-to-csv | 2024-11-21 | 5.6 Medium |
| This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands via CSV files. | ||||
| CVE-2021-23597 | 1 Fastify | 1 Fastify-multipart | 2024-11-21 | 7.5 High |
| This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. **Note:** This is a bypass of CVE-2020-8136 (https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382). | ||||
| CVE-2021-23594 | 1 Agoric | 1 Realms-shim | 2024-11-21 | 9.8 Critical |
| All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector. | ||||
| CVE-2021-23574 | 1 Js-data | 1 Js-data | 2024-11-21 | 7.5 High |
| All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of [CVE-2020-28442](https://snyk.io/vuln/SNYK-JS-JSDATA-1023655). | ||||
| CVE-2021-23568 | 1 Eggjs | 1 Extend2 | 2024-11-21 | 7.3 High |
| The package extend2 before 1.0.1 are vulnerable to Prototype Pollution via the extend function due to unsafe recursive merge. | ||||
| CVE-2021-23561 | 1 C2fo | 1 Comb | 2024-11-21 | 6.5 Medium |
| All versions of package comb are vulnerable to Prototype Pollution via the deepMerge() function. | ||||
| CVE-2021-23558 | 1 Bmoor Project | 1 Bmoor | 2024-11-21 | 7.3 High |
| The package bmoor before 0.10.1 are vulnerable to Prototype Pollution due to missing sanitization in set function. **Note:** This vulnerability derives from an incomplete fix in [CVE-2020-7736](https://security.snyk.io/vuln/SNYK-JS-BMOOR-598664) | ||||
| CVE-2021-23543 | 1 Agoric | 1 Realms-shim | 2024-11-21 | 9.8 Critical |
| All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector. | ||||
| CVE-2021-23518 | 3 Cached-path-relative Project, Debian, Redhat | 3 Cached-path-relative, Debian Linux, Acm | 2024-11-21 | 7.3 High |
| The package cached-path-relative before 1.1.0 are vulnerable to Prototype Pollution via the cache variable that is set as {} instead of Object.create(null) in the cachedPathRelative function, which allows access to the parent prototype properties when the object is used to create the cached relative path. When using the origin path as __proto__, the attribute of the object is accessed instead of a path. **Note:** This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573 | ||||
| CVE-2021-23507 | 1 Skratchdot | 1 Object-path-set | 2024-11-21 | 7.5 High |
| The package object-path-set before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. *Note:* This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908 | ||||