EUVD-2012-4389
Malware in sbrugna...
EUVD-2023-43063
Malicious code in bioql PyPI...
BIT-NODE-MIN-2023-39332
Various node:fs functions allow specifying paths as either strings or Uint8Array objects. In Node.js environments, the Buffer class extends the Uint8Array class. Node.js prevents path traversal through strings (see CVE-2023-30584) and Buffer objects (see CVE-2023-32004), but not through non-Buffer...
Internet Bug Bounty: Path traversal through path stored in Uint8Array in Node.js 20
A path traversal vulnerability was discovered in Node.js 20 through paths stored in Uint8Array objects. The vulnerability allowed bypassing path sanitization protections and reading arbitrary files outside of a restricted directory. The issue was addressed by properly sanitizing Uint8Array paths ...
CVE-2023-39332
Various node:fs functions allow specifying paths as either strings or Uint8Array objects. In Node.js environments, the Buffer class extends the Uint8Array class. Node.js prevents path traversal through strings (see CVE-2023-30584) and Buffer objects (see CVE-2023-32004), but not through non-Buffer...
CVE-2023-39332
CVE-2023-39332 concerns Node.js: certain node:fs path operations permit traversal when paths are provided as non-Buffer Uint8Array objects. The vulnerability contrasts with existing mitigations for string paths and Buffer paths (CVE-2023-30584 and CVE-2023-32004). The issue arises in environments...
Uninitialized Memory Disclosure
openwhisk is vulnerable to uninitialized memory disclosure. The library initializes a buffer by providing a numeric value to the Buffer class, resulting in a buffer being created with non-zeroed memory. This can lead to the contents of the uninitialized memory being disclosed...
Uninitialized Memory Disclosure
The node package ip is vulnerable to information disclosure. This is due to the insecure use of the buffer class, leading to the disclosure of uninitialized memory...
CVE-2012-4460
The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not...
CVE-2012-4460
The CVE-2012-4460 issue affects Apache Qpid (0.20 and earlier) in the serializing/deserializing functions of the qpid::framing::Buffer class. It affects the Buffer component, enabling remote denial of service (assertion failure and daemon exit) via unspecified vectors, with a note that it could trigger an...