CVE-2024-2495

MEDIUM Year: 2024
CVSS v3 Score
4.4
Medium
Weakness Type
CWE-1321
View all →

Vulnerability Description

Cryptographic key vulnerability encoded in the FriendlyWrt firmware affecting version 2022-11-16.51b3d35. This vulnerability could allow an attacker to compromise the confidentiality and integrity of encrypted data.

Related Vulnerabilities

CVE-2019-10806

MEDIUM
CVSS:4.3(Medium)

vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype.

CWE-13212019

CVE-2021-23408

MEDIUM
CVSS:4.3(Medium)

This affects the package com.graphhopper:graphhopper-web-bundle before 3.2, from 4.0-pre1 and before 4.0. The URL parser could be tricked into adding or modifying properties of Object.prototype using ...

CWE-13212021

CVE-2024-45277

MEDIUM
CVSS:4.3(Medium)

The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 is impacted by Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. Th...

CWE-13212024

CVE-2023-30857

LOW
CVSS:3.7(Low)

@aedart/support is the support package for Ion, a monorepo for JavaScript/TypeScript packages. Prior to version `0.6.1`, there is a possible prototype pollution issue for the `MetadataRecord`, when me...

CWE-13212023

CVE-2020-7600

MEDIUM
CVSS:5.3(Medium)

querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused ...

CWE-13212020

CVE-2020-7608

MEDIUM
CVSS:5.3(Medium)

yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.

CWE-13212020