A vulnerability, which was classified as critical, was found in record-like-deep-assign (version unknown). Affected is some unknown functionality of the component Prototype Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
record-like-deep-assign Prototype code injection [CVE-2021-23402]
- Virtual Patching
- July 3, 2021
- 9:04 am
CVE-2024-36053 : LINUXMINT MINTUPLOAD UP TO 4.2.0 SERVICE OS COMMAND INJECTION
Description In the mintupload package through 4.2.0 for Linux Mint, service-name mishandling leads to command injection via shell metacharacters in
CVE-2024-36080 : WESTERMO EDW-100 DEVICES UP TO 2024-05-03 HARD-CODED PASSWORD
Description Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed.
CVE-2024-3319 : SAILPOINT IDENTITY SECURITY CLOUD TRANSFORM PREVIEW/IDENTITYPROFILE PREVIEW CODE INJECTION
Description An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed