
3239 matches found

SUSE CVE
added 2024/06/04 12:38 p.m. | 4 views

SUSE CVE-2023-0386

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel's OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalat...

CVSS 7.8 | AI score 6.7 | EPSS 0.0788
Exploits: 13 | References: 23
Tenable Nessus
added 2024/06/03 12:00 a.m. | 18 views

RHEL 4 : exim (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - exim: local root privilege escalation for configurations with perl_startup CVE-2016-1531 - The openlog...

CVSS 7 | AI score 7.5 | EPSS 0.05901
Exploits: 13 | References: 2
BDU FSTEC
added 2024/06/03 12:00 a.m. | 3 views

The vulnerability of the setuid() module on the Node.js software platform, which allows a malicious actor to escalate their privileges

The vulnerability of the setuid module in the Node.js software platform is related to context switching errors during privilege escalation. Exploiting this vulnerability can allow an attacker to enhance their privileges...

CVSS 7.3 | AI score 6.9 | EPSS 0.00893
Exploits: 0 | References: 10 | Affected Software: 5
Tenable Nessus
added 2024/06/03 12:00 a.m. | 32 views

RHEL 9 : tar (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - tar: Incorrectly handled extension attributes in PAX archives can lead to a crash CVE-2023-39804 Note that Nessus h...

CVSS 6.2 | AI score 6.1 | EPSS 0.03992
Exploits: 0 | References: 3
Tenable Nessus
added 2024/05/18 12:00 a.m. | 21 views

FreeBSD : electron29 -- setuid() does not affect libuv's internal io_uring (a431676c-f86c-4371-b48a-b7d2b0bec3a3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a431676c-f86c-4371-b48a-b7d2b0bec3a3 advisory. - setuid does not affect libuv's internal io_uring operations if initialized before the call to setuid...

CVSS 7.3 | AI score 7 | EPSS 0.00893
Exploits: 0 | References: 3
F5 Networks
added 2024/05/10 9:12 a.m. | 40 views

K000139573: node.js vulnerability CVE-2024-22017

Security Advisory Description setuid does not affect libuv's internal io_uring operations if initialized before the call to setuid. This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid. This vulnerability affects all...

CVSS 7.3 | AI score 6.9 | EPSS 0.00893
Exploits: 0
Rockylinux
added 2024/05/06 1:05 p.m. | 48 views

nodejs:20 security update

An update is available for module.nodejs-nodemon, nodejs-packaging, module.nodejs-packaging, nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...

CVSS 9.8 | AI score 7.5 | EPSS 0.03168
Exploits: 0
OSV
added 2024/05/06 1:05 p.m. | 54 views

RLSA-2024:1688 Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding Marvin CVE-2023-46809 nodejs: reading unprocessed HTT...

CVSS 8.1 | AI score 7.4 | EPSS 0.03168
Exploits: 0 | References: 8
Rockylinux
added 2024/05/06 1:04 p.m. | 49 views

nodejs:20 security update

An update is available for nodejs-nodemon, module.nodejs, nodejs, module.nodejs-nodemon, module.nodejs-packaging, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 9.8 | AI score 8.2 | EPSS 0.03168
Exploits: 0
Tenable Nessus
added 2024/05/06 12:00 a.m. | 49 views

Rocky Linux 8 : nodejs:20 (RLSA-2024:1687)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1687 advisory. - The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For exampl...

CVSS 9.8 | AI score 6.8 | EPSS 0.03168
Exploits: 0 | References: 15
RedHat Linux
added 2024/04/08 8:54 a.m. | 3 views

nodejs: setuid() does not drop all privileges due to io_uring

A flaw was found in Node.js, where the setuid does not affect libuv's internal io_uring operations if initialized before the call to setuid. This issue allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid...

CVSS 7.3 | AI score 7.3 | EPSS 0.00893
Exploits: 0 | References: 4
Tenable Nessus
added 2024/04/08 12:00 a.m. | 40 views

RHEL 9 : nodejs:20 (RHSA-2024:1688)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1688 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

CVSS 9.8 | AI score 7.2 | EPSS 0.03168
Exploits: 0 | References: 16
Tenable Nessus
added 2024/04/08 12:00 a.m. | 38 views

RHEL 8 : nodejs:20 (RHSA-2024:1687)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1687 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

CVSS 9.8 | AI score 7.2 | EPSS 0.03168
Exploits: 0 | References: 16
AlmaLinux
added 2024/04/08 12:00 a.m. | 57 views

Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding Marvin CVE-2023-46809 nodejs: reading unprocessed HTT...

CVSS 9.8 | AI score 8.2 | EPSS 0.03168
Exploits: 0 | References: 16
GithubExploit
added 2024/03/26 11:01 a.m. | 418 views

Exploit for Improper Handling of Insufficient Permissions or Privileges in Apple Macos

🇮🇱 BringThemHome NeverAgainIsNow 🇮🇱 We demand the...

CVSS 8.3 | AI score 4.8 | EPSS 0.01171
Exploits: 2
Microsoft CVE
added 2024/03/19 7:00 a.m. | 3 views

setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects all users of versions greater than or equal to Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.

...

CVSS 7.3 | AI score 7.2 | EPSS 0.00893
Exploits: 0
OSV
added 2024/03/19 5:15 a.m. | 3 views

AZL-35899 CVE-2024-22017 affecting package nodejs for versions less than 20.14.0-1

setuid does not affect libuv's internal io_uring operations if initialized before the call to setuid. This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid. This vulnerability affects all users using version greater or...

CVSS 7.3 | AI score 6.9 | EPSS 0.00893
Exploits: 0 | References: 1
NVD
added 2024/03/19 5:15 a.m. | 25 views

CVE-2024-22017

setuid does not affect libuv's internal io_uring operations if initialized before the call to setuid. This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid. This vulnerability affects all users using version greater or...

CVSS 7.3 | AI score 5.6 | EPSS 0.00893
Exploits: 0 | References: 3
Cvelist
added 2024/03/19 4:32 a.m. | 33 views

CVE-2024-22017

setuid does not affect libuv's internal io_uring operations if initialized before the call to setuid. This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid. This vulnerability affects all users using version greater or...

CVSS 7.3 | AI score 5.9 | EPSS 0.00893
Exploits: 0 | References: 3
Debian CVE
added 2024/03/19 4:32 a.m. | 54 views

CVE-2024-22017

setuid does not affect libuv's internal io_uring operations if initialized before the call to setuid. This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid. This vulnerability affects all users using version greater or...

CVSS 7.3 | AI score 7.2 | EPSS 0.00893
Exploits: 0