2749 matches found

Rockylinux
added 2023/10/14 2:8 a.m. · 58 views

nodejs security and bug fix update

An update is available for nodejs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Node.js is a software development platform for building fast and scalable...

CVSS 9.8 · AI score 6.8 · EPSS 0.01484
Exploits 1

RedHat Linux
added 2023/10/09 2:4 p.m. · 5 views

nodejs: Permissions policies can be bypassed via process.binding

A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a...

CVSS 7.5 · AI score 7.3 · EPSS 0.01484
Exploits 1 · References 5

RedHat Linux
added 2023/10/09 10:29 a.m. · 1 views

nodejs: Permissions policies can be bypassed via process.binding

A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a...

CVSS 7.5 · AI score 7.3 · EPSS 0.01484
Exploits 1 · References 5

AlmaLinux
added 2023/10/09 12:0 a.m. · 84 views

Important: nodejs security and bug fix update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Permissions policies can be bypassed via Module.load (CVE-2023-32002); nodejs: Permissions policies can impersonate other modules in using...

CVSS 9.8 · AI score 7 · EPSS 0.01484
Exploits 1 · References 8

OpenVAS
added 2023/10/01 12:0 a.m. · 10 views

Fedora: Security Advisory for rust-tokio-tungstenite (FEDORA-2023-91a66898d2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.7 · EPSS 0.0162
Exploits 1 · References 2

UbuntuCve
added 2023/09/27 3:19 p.m. · 33 views

CVE-2023-5197

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Addition and removal of rules from chain bindings within the same transaction leads to a use-after-free. We recommend upgrading past commit...

CVSS 7.8 · AI score 6.6 · EPSS 0.0035
Exploits 0 · References 16

Tenable Nessus
added 2023/09/27 12:0 a.m. · 33 views

Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-005)

The version of tomcat installed on the remote host is prior to 8.5.79-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT8.5-2023-005 advisory. A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux,...

CVSS 9.8 · AI score 7.8 · EPSS 0.99677
Exploits 105 · References 6

Tenable Nessus
added 2023/09/27 12:0 a.m. · 62 views

Amazon Linux 2 : tomcat (ALASTOMCAT9-2023-004)

The version of tomcat installed on the remote host is prior to 9.0.65-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2TOMCAT9-2023-004 advisory. A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, transitively...

CVSS 9.8 · AI score 7.7 · EPSS 0.99677
Exploits 100 · References 4

RedHat Linux
added 2023/09/26 3:5 p.m. · 2 views

nodejs: Permissions policies can be bypassed via process.binding

A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a...

CVSS 7.5 · AI score 7.3 · EPSS 0.01484
Exploits 1 · References 5

RedHat Linux
added 2023/09/26 2:59 p.m. · 1 views

nodejs: Permissions policies can be bypassed via process.binding

A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a...

CVSS 7.5 · AI score 7.3 · EPSS 0.01484
Exploits 1 · References 5

RedHat Linux
added 2023/09/26 2:56 p.m. · 3 views

nodejs: Permissions policies can be bypassed via process.binding

A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a...

CVSS 7.5 · AI score 7.3 · EPSS 0.01484
Exploits 1 · References 5

RedHat Linux
added 2023/09/26 2:56 p.m. · 0 views

nodejs: Permissions policies can be bypassed via process.binding

A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a...

CVSS 7.5 · AI score 7.3 · EPSS 0.01484
Exploits 1 · References 5

Amazon
added 2023/09/25 12:0 a.m. · 8 views

Important: tomcat

Issue Overview: A flaw was found in Spring Framework, specifically within two modules called Spring MVC and Spring WebFlux, transitively affected from Spring Beans, using parameter data binding. This flaw allows an attacker to pass specially-constructed malicious requests to certain parameters an...

CVSS 9.8 · AI score 7 · EPSS 0.99677
Exploits 100

CISA
added 2023/09/12 12:0 p.m. · 12 views

CISA Adds Two Known Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2023-36761 Microsoft Word Information Disclosure Vulnerability; CVE-2023-36802 Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability. These types of...

CVSS 7.8 · AI score 7.1 · EPSS 0.261
In wild · Exploits 4 · References 7

Prion
added 2023/09/12 2:15 a.m. · 37 views

Path traversal

The use of the deprecated API process.binding can bypass the permission model through path traversal. This vulnerability affects all users using the experimental permission model in Node.js 20.x. Please note that at the time this CVE was issued, the permission model is an experimental feature of...

CVSS 5 · AI score 8.3 · EPSS 0.01481
Exploits 1 · References 1 · Affected Software 1

OSV
added 2023/09/11 9:15 p.m. · 7 views

CVE-2023-35683

In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 5.5 · AI score 6 · EPSS 0.00173
Exploits 0 · References 2

CISA
added 2023/09/06 12:0 p.m. · 10 views

CISA Adds One Known Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2023-33246 Apache RocketMQ Command Execution Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant...

CVSS 9.8 · AI score 7.3 · EPSS 0.96604
In wild · Exploits 11 · References 6

Prion
added 2023/08/31 3:15 p.m. · 19 views

Design/Logic Flaw

Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979...

CVSS 3.3 · AI score 7.5 · EPSS 0.00418
Exploits 0 · References 1 · Affected Software 2

Cvelist
added 2023/08/31 2:27 p.m. · 20 views

CVE-2023-41742

Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979...

CVSS 4.3 · AI score 7.7 · EPSS 0.00418
Exploits 0 · References 1

Positive Technologies
added 2023/08/31 12:0 a.m. · 6 views

PT-2023-5773 · Acronis · Acronis Agent +2

Name of the Vulnerable Software and Affected Versions: Acronis Agent versions prior to build 30430; Acronis Cyber Protect 15 versions prior to build 35979. Description: The issue is related to an excessive attack surface due to binding to an unrestricted IP address. This could allow a remote attack...

CVSS 7.8 · AI score 4.6 · EPSS 0.00418
Exploits 0 · References 5