CWE-471 flaws

36 results
CVE-2022-21824 | Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties | EPSS 21.5%
CVE-2018-3728 | hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' | EPSS 4.2%
CVE-2020-8147 | Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype pollution attack that may result in remot | EPSS 3.1%
CVE-2020-8116 | Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbi | EPSS 3.1%
CVE-2018-3721 | lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mer | EPSS 2.4%
CVE-2018-3719 | mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious use | EPSS 2.1%
CVE-2020-8158 | Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further | EPSS 2.1%
CVE-2018-3722 | merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious use | EPSS 2.0%
CVE-2018-3723 | defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious | EPSS 2.0%
CVE-2018-3720 | assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious us | EPSS 2.0%
CVE-2020-26245 | HIGH | Prototype Pollution leading to Command Injection in systeminformation | EPSS 1.9%
CVE-2020-15256 | HIGH | Prototype pollution in object-path | EPSS 1.5%
CVE-2022-25893 | CRITICAL | Arbitrary Code Execution | EPSS 1.4%
CVE-2020-26237 | MEDIUM | Prototype Pollution in highlight.js | EPSS 1.3%
CVE-2020-8268 | Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties of | EPSS 1.3%
CVE-2024-57708 | MEDIUM | An issue in OneTrust SDK v.6.33.0 allows a local attacker to cause a denial of service via the Object.setPrototypeOf, __proto__, and Object. | EPSS 0.9%
CVE-2021-24046 | A logic flaw in Ray-Ban® Stories device software allowed some parameters like video capture duration limit to be modified through the Facebo | EPSS 0.7%
CVE-2023-43697 | MEDIUM | Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load | EPSS 0.6%
CVE-2022-3288 | LOW | A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an | EPSS 0.6%
CVE-2024-34517 | MEDIUM | The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin acce | EPSS 0.6%