CVE-2021-39227
ZRender is a lightweight graphics library providing 2D drawing for Apache ECharts. In versions prior to 5.2.1, using the `merge` and `clone` helper methods in the `src/core/util.ts` module results in prototype pollution. It affects the...
Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the `wasmtime` crate clearly marks which functions are safe...
Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read...
Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing `externref`s from the host to guest Wasm content....
Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an...
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to...
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to...
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer...
Improper input validation in the National Instruments NI-PAL driver in versions 20.0.0 and prior may allow a privileged user to potentially enable escalation of privilege via local access. Date published: 2021-09-17. https://www.ni.com/en-us/support/documentation/supplemental/21/improper-input-validation-in-ni-pal.html
adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’). Date published: 2021-09-17. https://huntr.dev/bounties/875a6885-9a64-46f3-94ad-92f40f989200 https://github.com/pi-hole/adminlte/commit/f526716de7bb0fd382a64bcbbb33915c926f94bb
adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’). Date published: 2021-09-17. https://huntr.dev/bounties/fa38c61f-4043-4872-bc85-7fe5ae5cc2e8 https://github.com/pi-hole/adminlte/commit/f526716de7bb0fd382a64bcbbb33915c926f94bb
code-server is vulnerable to Inefficient Regular Expression Complexity. Date published: 2021-09-17. https://huntr.dev/bounties/38888513-30fc-4d8f-805d-34070d60e223 https://github.com/cdr/code-server/commit/ca617df135e78833f93c8320cb2d2cf8bba809f5
ansi-regex is vulnerable to Inefficient Regular Expression Complexity. Date published: 2021-09-17. https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994 https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’). Date published: 2021-09-17. https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053 https://github.com/mariocasciaro/object-path/commit/e6bb638ffdd431176701b3e9024f80050d0ef0a6