Lucene search
K

12 matches found

Tenable Nessus
Tenable Nessus
added 2023/08/19 12:0 a.m.59 views

Fedora 37 : nodejs16 / nodejs18 / nodejs20 (2023-18476abd7e)

The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-18476abd7e advisory. https://nodejs.org/en/blog/vulnerability/august-2023-security-releases Security releases available Updates are now available for the v16.x, v18.x, a...

9.8CVSS7.3AI score0.01817EPSS
Exploits3References8
OpenVAS
OpenVAS
added 2023/08/17 12:0 a.m.24 views

Fedora: Security Advisory for nodejs20 (FEDORA-2023-d12a917ab4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.7AI score0.01817EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2023/08/16 12:0 a.m.35 views

Fedora 38 : nodejs16 / nodejs18 / nodejs20 (2023-d12a917ab4)

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-d12a917ab4 advisory. https://nodejs.org/en/blog/vulnerability/august-2023-security-releases Security releases available Updates are now available for the v16.x, v18.x, a...

9.8CVSS7.3AI score0.01817EPSS
Exploits3References8
Circl
Circl
added 2023/08/15 8:30 p.m.3 views

CVE-2023-32003

creationtimestamp| type| source ---|---|--- 2023-08-15 20:30:55+00:00| seen| https://t.me/cibsecurity/68557 2024-11-14 12:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-08...

5.3CVSS6.4AI score0.01048EPSS
Exploits0References2
Wolfi
Wolfi
added 2023/08/15 4:15 p.m.26 views

CVE-2023-32003 vulnerabilities

Vulnerabilities for packages: nodejs...

5.3CVSS7.6AI score0.01048EPSS
Exploits0
Cvelist
Cvelist
added 2023/08/15 3:10 p.m.28 views

CVE-2023-32003

fs.mkdtemp and fs.mkdtempSync can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp API and the impact is a malicious actor could create an arbitrary directory. This vulnerability affects all users using the...

7.3AI score0.01048EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/08/15 3:10 p.m.19 views

CVE-2023-32003

fs.mkdtemp and fs.mkdtempSync can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp API and the impact is a malicious actor could create an arbitrary directory. This vulnerability affects all users using the...

6.6AI score0.01048EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2023/08/15 3:10 p.m.34 views

CVE-2023-32003

fs.mkdtemp and fs.mkdtempSync can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp API and the impact is a malicious actor could create an arbitrary directory. This vulnerability affects all users using the...

5.3CVSS6.4AI score0.01048EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/08/11 12:0 a.m.264 views

Node.js 16.x < 16.20.2 / 18.x < 18.17.1 / 20.x < 20.5.1 Multiple Vulnerabilities (Wednesday August 09 2023 Security Releases).

The version of Node.js installed on the remote host is prior to 16.20.2, 18.17.1, 20.5.1. It is, therefore, affected by multiple vulnerabilities as referenced in the Wednesday August 09 2023 Security Releases advisory: - Permissions policies can be bypassed via Module.load CVE-2023-32002 -...

9.8CVSS7.1AI score0.01817EPSS
Exploits3References8
OpenVAS
OpenVAS
added 2023/08/10 12:0 a.m.23 views

Node.js 20.x < 20.5.1 Multiple Vulnerabilities - Windows

Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...

8.8CVSS7.4AI score0.01817EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2023/08/10 12:0 a.m.20 views

Node.js 20.x < 20.5.1 Multiple Vulnerabilities - Mac OS X

Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...

8.8CVSS7.5AI score0.01817EPSS
Exploits2References1
Hacker One
Hacker One
added 2023/08/09 6:37 p.m.46 views

Internet Bug Bounty: (CVE-2023-32003) fs.mkdtemp() and fs.mkdtempSync() are missing getValidatedPath() checks

The fs.mkdtemp and fs.mkdtempSync functions in Node.js were found to be missing getValidatedPath checks, allowing for a path traversal attack. This vulnerability could be exploited to create arbitrary directories...

5.3CVSS7.1AI score0.01048EPSS
Exploits0
Rows per page
Query Builder