4420 matches found
CVE-2025-24791
CVE-2025-24791 affects snowflake-connector-nodejs (Snowflake NodeJS Driver) on Linux. The vulnerability allows bypassing file permissions checks for the temporary credential cache, exploitable by an attacker with write access to the local cache directory. Affected versions are 1.12.0 through 2.0....
CVE-2025-24791 snowflake-connector-nodejs has incorrect validation of temporary credential cache file permissions
snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This...
CVE-2025-24791 snowflake-connector-nodejs has incorrect validation of temporary credential cache file permissions
snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This...
CVE-2025-24791 snowflake-connector-nodejs has incorrect validation of temporary credential cache file permissions
snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This...
SUSE-SU-2025:0284-1 Security update for nodejs22
This update for nodejs22 fixes the following issues: Update to 22.13.1: - CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics bsc1236251 - CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERRPROTO bsc1236250 - CVE-2025-22150: Fixed insufficiently...
NodeJS Driver for Snowflake 安全漏洞
NodeJS Driver for Snowflake is an open source NodeJS driver from Snowflake Computing. A security vulnerability exists in NodeJS Driver for Snowflake versions prior to 2.0.2, which stems from an attacker with write access to a local cache directory can bypass file permission checks in the temporar...
UBUNTU-CVE-2025-23084
A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory...
Security update for nodejs20
This update for nodejs20 fixes the following issues: Update to 20.18.2: CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics bsc1236251 CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERRPROTO bsc1236250 CVE-2025-22150: Fixed insufficiently random...
SUSE-SU-2025:0237-1 Security update for nodejs20
This update for nodejs20 fixes the following issues: Update to 20.18.2: - CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics bsc1236251 - CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERRPROTO bsc1236250 - CVE-2025-22150: Fixed insufficiently...
Security update for nodejs18
This update for nodejs18 fixes the following issues: Update to 18.20.6: CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERRPROTO bsc1236250 CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici bsc1236258 Patc...
SUSE-SU-2025:0234-1 Security update for nodejs18
This update for nodejs18 fixes the following issues: Update to 18.20.6: - CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERRPROTO bsc1236250 - CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici bsc1236258...
Security update for nodejs18
This update for nodejs18 fixes the following issues: Update to 18.20.6: CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERRPROTO bsc1236250 CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici bsc1236258 Patc...
Security update for nodejs20
This update for nodejs20 fixes the following issues: Update to 20.18.2: CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics bsc1236251 CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERRPROTO bsc1236250 CVE-2025-22150: Fixed insufficiently random...
OPENSUSE-SU-2025:14687-1 nodejs-electron-33.3.2-1.1 on GA media
These are all security issues fixed in the nodejs-electron-33.3.2-1.1 package on the GA media of openSUSE Tumbleweed...
AZL-56041 CVE-2025-0611 affecting package nodejs 20.14.0-13
Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
AZL-56052 CVE-2025-0612 affecting package nodejs18 18.20.3-11
Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
AZL-56022 CVE-2025-0611 affecting package nodejs18 18.20.3-11
Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
AZL-56035 CVE-2025-0612 affecting package nodejs 20.14.0-13
Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2025-23090 vulnerabilities
Vulnerabilities for packages: nodejs...
AZL-55922 CVE-2025-23083 affecting package nodejs for versions less than 20.14.0-4
With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...