32 matches found

CBLMariner
added 2026/06/05 12:59 p.m., 7 views

CVE-2024-22018 affecting package nodejs for versions less than 24.14.1-3

CVE-2024-22018 affecting package nodejs for versions less than 24.14.1-3. An upgraded version of the package is available that resolves this issue...

CVSS 2.9 | AI score 6.3 | EPSS 0.00458
Exploits: 0
Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 8 : nodejs:20 (AXSA:2024-8725:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8725:01 advisory. node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import restrictio...

CVSS 6.5 | AI score 6.6 | EPSS 0.01104
Exploits: 1 | References: 5
OpenVAS
added 2025/02/25 12:0 a.m., 8 views

openSUSE Security Advisory (SUSE-SU-2024:2543-1)

The remote host is missing an update for the...

CVSS 8.1 | AI score 6.6 | EPSS 0.01387
Exploits: 0 | References: 8
OpenVAS
added 2025/02/25 12:0 a.m., 6 views

openSUSE Security Advisory (SUSE-SU-2024:2574-1)

The remote host is missing an update for the...

CVSS 8.1 | AI score 6.6 | EPSS 0.01387
Exploits: 0 | References: 8
Amazon
added 2024/11/14 12:0 a.m., 5 views

Medium: nodejs20

Issue Overview: A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actor...

CVSS 6.5 | AI score 7 | EPSS 0.01104
Exploits: 1
OSV
added 2024/09/17 12:55 a.m., 20 views

RLSA-2024:5815 Moderate: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Bypass network import restriction via data URL CVE-2024-22020 nodejs: fs.lstat bypasses permission model CVE-2024-22018 nodejs:...

CVSS 6.5 | AI score 6.2 | EPSS 0.01104
Exploits: 0 | References: 4
OpenVAS
added 2024/08/29 12:0 a.m., 22 views

Mageia: Security Advisory (MGASA-2024-0282)

The remote host is missing an update for the...

CVSS 8.1 | AI score 6.4 | EPSS 0.01104
Exploits: 0 | References: 12
RedHat Linux
added 2024/08/26 8:12 a.m., 33 views

Moderate: Red Hat Security Advisory: nodejs:20 security update

An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 6.5 | AI score 6.5 | EPSS 0.01104
Exploits: 0 | References: 4
Oracle linux
added 2024/08/26 12:0 a.m., 45 views

nodejs:20 security update

nodejs 1:20.16.0-1 - Update to 20.16.0 Fixes: CVE-2024-36137 CVE-2024-22018 CVE-2024-22020 nodejs-nodemon nodejs-packaging...

CVSS 6.5 | AI score 7.4 | EPSS 0.01104
Exploits: 0
Oracle linux
added 2024/08/26 12:0 a.m., 352 views

nodejs:20 security update

nodejs 1:20.16.0-1 - Update to 20.16.0 Fixes: CVE-2024-36137 CVE-2024-22018 CVE-2024-22020 nodejs-nodemon nodejs-packaging...

CVSS 6.5 | AI score 7.4 | EPSS 0.01104
Exploits: 1
Tenable Nessus
added 2024/08/26 12:0 a.m., 30 views

AlmaLinux 9 : nodejs:20 (ALSA-2024:5815)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:5815 advisory. nodejs: Bypass network import restriction via data URL CVE-2024-22020 nodejs: fs.lstat bypasses permission model CVE-2024-22018 nodejs: fs.fchown/fchmod...

CVSS 6.5 | AI score 6.3 | EPSS 0.01104
Exploits: 0 | References: 4
OSV
added 2024/08/26 12:0 a.m., 17 views

ALSA-2024:5815 Moderate: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Bypass network import restriction via data URL CVE-2024-22020 nodejs: fs.lstat bypasses permission model CVE-2024-22018 nodejs:...

CVSS 6.5 | AI score 6.2 | EPSS 0.01104
Exploits: 0 | References: 8
OSV
added 2024/08/26 12:0 a.m., 23 views

ALSA-2024:5814 Moderate: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import...

CVSS 6.5 | AI score 6.4 | EPSS 0.01104
Exploits: 1 | References: 10
AlmaLinux
added 2024/08/26 12:0 a.m., 46 views

Moderate: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Bypass network import restriction via data URL CVE-2024-22020 nodejs: fs.lstat bypasses permission model CVE-2024-22018 nodejs:...

CVSS 6.5 | AI score 6.6 | EPSS 0.01104
Exploits: 0 | References: 8
AlmaLinux
added 2024/08/26 12:0 a.m., 34 views

Moderate: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import...

CVSS 6.5 | AI score 6.7 | EPSS 0.01104
Exploits: 1 | References: 10
Tenable Nessus
added 2024/07/23 12:0 a.m., 32 views

SUSE SLES15 / openSUSE 15 Security Update : nodejs20 (SUSE-SU-2024:2574-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2574-1 advisory. Update to 20.15.1: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass bsc1227560 - CVE-2024-22020: Fixed a bypass of...

CVSS 8.1 | AI score 7 | EPSS 0.01387
Exploits: 0 | References: 18
Tenable Nessus
added 2024/07/18 12:0 a.m., 26 views

SUSE SLES15 / openSUSE 15 Security Update : nodejs20 (SUSE-SU-2024:2543-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2543-1 advisory. Update to 20.15.1: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass bsc1227560 - CVE-2024-22020: Fixed a bypass of...

CVSS 8.1 | AI score 7 | EPSS 0.01387
Exploits: 0 | References: 18
Circl
added 2024/07/10 4:38 a.m., 7 views

CVE-2024-22018

creationtimestamp | type | source
---|---|---
2024-07-10 04:38:04+00:00 | seen | https://t.me/cvedetector/495
2025-04-30 23:14:39+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/14198
2026-03-19 00:00:00+00:00 | seen | https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/

...

CVSS 2.9 | AI score 5.9 | EPSS 0.00458
Exploits: 0 | References: 3
RedhatCVE
added 2024/07/10 3:49 a.m., 38 views

CVE-2024-22018

A flaw was found in the Node.js package. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files they do not have explicit read access to...

CVSS 2.9 | AI score 3.6 | EPSS 0.00458
Exploits: 0 | References: 4
SUSE CVE
added 2024/07/10 3:36 a.m., 5 views

SUSE CVE-2024-22018

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve...

CVSS 2.8 | AI score 8.3 | EPSS 0.00458
Exploits: 0 | References: 6