The package jointjs before 3.3.0 are vulnerable to Denial of Service (DoS) via the unsetByPath function. Date published : 2021-01-19 https://github.com/clientIO/joint/releases/tag/v3.3.0 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1062040
This affects the package gsap before 3.6.0. Date published : 2021-01-19 https://github.com/greensock/GSAP/blob/master/src/gsap-core.js%23L147 https://snyk.io/vuln/SNYK-JS-GSAP-1054614
This affects all versions of package immer. Date published : 2021-01-19 https://github.com/immerjs/immer/blob/master/src/plugins/patches.ts%23L213 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1061986
This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype...
A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted...
Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz...
A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This...
Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request. Date published : 2021-01-19 https://www.manageengine.com/products/applications_manager/issues.html#v14880 https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2020-27733.html
SOOIL Developments Co Ltd DiabecareRS,AnyDana-i & AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i & AnyDana-A mobile apps doesn’t use adequate measures to authenticate the communicating entities before exchanging keys, which...
SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The communication protocol of the insulin pump and AnyDana-i,AnyDana-A mobile apps doesn’t use adequate measures to authenticate the pump before exchanging keys, which allows unauthenticated, physically proximate attackers...
SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communication protocol of the insulin pump & AnyDana-i,AnyDana-A mobile apps doesnt use adequate measures to protect encryption keys in transit which allows unauthenticated physically proximate attacker to sniff...
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unauthenticated, physically proximate attackers...
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass checks for default...
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass user authentication checks...