Lucene search
+L

29 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-35895

Malicious code in bioql PyPI...

8.1CVSS8.2AI score0.01098EPSS
Exploits0References1
openvas
openvas
added 2025/02/25 12:0 a.m.8 views

openSUSE Security Advisory (SUSE-SU-2024:2543-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS6.6AI score0.01411EPSS
Exploits0References8
openvas
openvas
added 2025/02/25 12:0 a.m.6 views

openSUSE Security Advisory (SUSE-SU-2024:2574-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS6.6AI score0.01411EPSS
Exploits0References8
wolfi
wolfi
added 2025/01/09 1:15 a.m.226 views

CVE-2024-27980 vulnerabilities

Vulnerabilities for packages: nodejs...

8.1CVSS9.7AI score0.01411EPSS
Exploits0
cgr
cgr
added 2025/01/09 1:15 a.m.80 views

CVE-2024-27980 vulnerabilities

Vulnerabilities for packages: nodejs...

8.1CVSS9.5AI score0.01411EPSS
Exploits0
ubuntucve
ubuntucve
added 2025/01/09 1:15 a.m.40 views

CVE-2024-27980

Due to the improper handling of batch files in childprocess.spawn / childprocess.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled...

8.1CVSS7.7AI score0.01411EPSS
Exploits0References2
cvelist
cvelist
added 2025/01/09 12:33 a.m.25 views

CVE-2024-27980

Due to the improper handling of batch files in childprocess.spawn / childprocess.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled...

8.1CVSS0.01411EPSS
Exploits0References5
cve
cve
added 2025/01/09 12:33 a.m.3040 views

CVE-2024-27980

CVE-2024-27980 affects Node.js where improper handling of batch files in child_process.spawn/spawnSync allows a malicious command line argument to inject arbitrary commands and achieve code execution even when shell is not enabled. The issue is documented across multiple feeds (Node.js CVE entry,...

8.1CVSS7.7AI score0.01411EPSS
Exploits0References5
debiancve
debiancve
added 2025/01/09 12:33 a.m.26 views

CVE-2024-27980

Due to the improper handling of batch files in childprocess.spawn / childprocess.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled...

8.1CVSS8.7AI score0.01411EPSS
Exploits0
osv
osv
added 2024/12/16 1:53 p.m.25 views

BIT-NODE-MIN-2024-36138

Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via childprocess.spawn / childprocess.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option i...

8.1CVSS7.5AI score0.01098EPSS
Exploits0References4
osv
osv
added 2024/09/10 7:13 a.m.26 views

BIT-NODE-2024-36138

Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via childprocess.spawn / childprocess.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option i...

8.1CVSS7.5AI score0.01098EPSS
Exploits0References4
circl
circl
added 2024/09/07 7:20 p.m.6 views

CVE-2024-27980

creationtimestamp| type| source ---|---|--- 2024-09-07 19:20:31+00:00| seen| https://t.me/cvedetector/5029 2024-11-14 12:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-08 2025-01-09 01:11:49+00:00| seen| https://infosec.exchange/users/cve/statuses/11379573448375297...

8.1CVSS8AI score0.01411EPSS
Exploits0References12
openvas
openvas
added 2024/07/24 12:0 a.m.24 views

openSUSE Security Advisory (SUSE-SU-2024:2542-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.9AI score0.01411EPSS
Exploits0References6
nessus
nessus
added 2024/07/23 12:0 a.m.33 views

SUSE SLES15 / openSUSE 15 Security Update : nodejs20 (SUSE-SU-2024:2574-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2574-1 advisory. Update to 20.15.1: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass bsc1227560 - CVE-2024-22020: Fixed a bypass of...

8.1CVSS7AI score0.01411EPSS
Exploits0References18
nessus
nessus
added 2024/07/18 12:0 a.m.33 views

SUSE SLES15 / openSUSE 15 Security Update : nodejs18 (SUSE-SU-2024:2542-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2542-1 advisory. Update to 18.20.4: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass bsc1227560 - CVE-2024-22020: Fixed a bypass of...

8.1CVSS7.6AI score0.01411EPSS
Exploits0References10
nessus
nessus
added 2024/07/18 12:0 a.m.26 views

SUSE SLES15 / openSUSE 15 Security Update : nodejs20 (SUSE-SU-2024:2543-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2543-1 advisory. Update to 20.15.1: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass bsc1227560 - CVE-2024-22020: Fixed a bypass of...

8.1CVSS7AI score0.01411EPSS
Exploits0References18
osv
osv
added 2024/07/17 7:51 a.m.24 views

SUSE-SU-2024:2542-1 Security update for nodejs18

This update for nodejs18 fixes the following issues: Update to 18.20.4: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass bsc1227560 - CVE-2024-22020: Fixed a bypass of network import restriction via data URL bsc1227554 Changes in 18.20.3: - This release fixes a regression introduced in Node.js...

8.1CVSS7.5AI score0.01411EPSS
Exploits0References7
osv
osv
added 2024/07/16 7:33 a.m.24 views

SUSE-SU-2024:2496-1 Security update for nodejs18

This update for nodejs18 fixes the following issues: Update to 18.20.4: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass bsc1227560 - CVE-2024-22020: Fixed a bypass of network import restriction via data URL bsc1227554 Changes in 18.20.3: - This release fixes a regression introduced in Node.js...

8.1CVSS7.5AI score0.01411EPSS
Exploits0References7
ibm
ibm
added 2024/07/08 9:24 a.m.53 views

Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control

Summary Node.js is vulnerable to remote attacker to obtain sensitive information, denial of service, HTTP request smuggling and allow a local authenticated attacker to gain elevated privileges on the system. These vulnerabilities affect IBM Spectrum Control. CVE-2024-27983, CVE-2024-22019,...

8.2CVSS9AI score0.87211EPSS
Exploits1Affected Software1
nessus
nessus
added 2024/07/08 12:0 a.m.249 views

Node.js 18.x < 18.20.4 / 20.x < 20.15.1 / 22.x < 22.4.1 Multiple Vulnerabilities (Monday, July 8, 2024 Security Releases).

The version of Node.js installed on the remote host is prior to 18.20.4, 20.15.1, 22.4.1. It is, therefore, affected by multiple vulnerabilities as referenced in the Monday, July 8, 2024 Security Releases advisory. - The CVE-2024-27980 was identified as an incomplete fix for the BatBadBut...

8.1CVSS7.9AI score0.01411EPSS
Exploits0References6
Rows per page
Query Builder