Lucene search
K

21 matches found

Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.16 views

TencentOS Server 4: nodejs (TSSA-2024:0291)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0291 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

8.1CVSS7.9AI score0.01411EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2025/02/25 12:0 a.m.8 views

openSUSE Security Advisory (SUSE-SU-2024:2543-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS6.6AI score0.01411EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2025/02/25 12:0 a.m.6 views

openSUSE Security Advisory (SUSE-SU-2024:2574-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS6.6AI score0.01411EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/02/05 4:51 a.m.13 views

CVE-2024-36138

Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via childprocess.spawn / childprocess.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option i...

8.1CVSS8.6AI score0.01411EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/17 8:40 a.m.26 views

Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control

Summary Node.js is vulnerable to remote attacker to execute arbitrary commands. These vulnerabilities affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-36138 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary commands on the system, caused by the incomplete fi...

8.1CVSS8.1AI score0.01104EPSS
Exploits0Affected Software1
NVD
NVD
added 2024/09/07 4:15 p.m.18 views

CVE-2024-36138

Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via childprocess.spawn / childprocess.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option i...

8.1CVSS0.01098EPSS
Exploits0References2
OSV
OSV
added 2024/09/07 4:15 p.m.24 views

CVE-2024-36138

Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via childprocess.spawn / childprocess.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option i...

7.7AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2024/09/07 4:15 p.m.259 views

CVE-2024-36138

Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via childprocess.spawn / childprocess.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option i...

8.1CVSS7.6AI score0.01098EPSS
Exploits0References1
CVE
CVE
added 2024/09/07 4:0 p.m.1610 views

CVE-2024-36138

CVE-2024-36138 is a chain-vulnerability tied to Node.js: it bypasses the incomplete fix for CVE-2024-27980, exploiting improper handling of batch files on Windows via child_process.spawn/spawnSync. This can allow a malicious command line argument to inject commands and achieve code execution even...

8.1CVSS7.8AI score0.01098EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2024/09/07 4:0 p.m.39 views

CVE-2024-36138

Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via childprocess.spawn / childprocess.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option i...

8.1CVSS7.5AI score0.01098EPSS
Exploits0
Debian CVE
Debian CVE
added 2024/09/07 4:0 p.m.123 views

CVE-2024-36138

Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via childprocess.spawn / childprocess.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option i...

8.1CVSS8.5AI score0.01098EPSS
Exploits0
Cvelist
Cvelist
added 2024/09/07 4:0 p.m.33 views

CVE-2024-36138

Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via childprocess.spawn / childprocess.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option i...

8.1CVSS0.01098EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/07 4:0 p.m.23 views

CVE-2024-36138

Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via childprocess.spawn / childprocess.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option i...

8.1CVSS8.6AI score0.01098EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/08/29 12:0 a.m.22 views

Mageia: Security Advisory (MGASA-2024-0282)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS6.4AI score0.01104EPSS
Exploits0References12
OpenVAS
OpenVAS
added 2024/07/24 12:0 a.m.24 views

openSUSE Security Advisory (SUSE-SU-2024:2542-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.9AI score0.01411EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/07/23 12:0 a.m.33 views

SUSE SLES15 / openSUSE 15 Security Update : nodejs20 (SUSE-SU-2024:2574-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2574-1 advisory. Update to 20.15.1: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass bsc1227560 - CVE-2024-22020: Fixed a bypass of...

8.1CVSS7AI score0.01411EPSS
Exploits0References18
Tenable Nessus
Tenable Nessus
added 2024/07/18 12:0 a.m.33 views

SUSE SLES15 / openSUSE 15 Security Update : nodejs18 (SUSE-SU-2024:2542-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2542-1 advisory. Update to 18.20.4: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass bsc1227560 - CVE-2024-22020: Fixed a bypass of...

8.1CVSS7.6AI score0.01411EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2024/07/18 12:0 a.m.26 views

SUSE SLES15 / openSUSE 15 Security Update : nodejs20 (SUSE-SU-2024:2543-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2543-1 advisory. Update to 20.15.1: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass bsc1227560 - CVE-2024-22020: Fixed a bypass of...

8.1CVSS7AI score0.01411EPSS
Exploits0References18
OSV
OSV
added 2024/07/17 7:51 a.m.24 views

SUSE-SU-2024:2542-1 Security update for nodejs18

This update for nodejs18 fixes the following issues: Update to 18.20.4: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass bsc1227560 - CVE-2024-22020: Fixed a bypass of network import restriction via data URL bsc1227554 Changes in 18.20.3: - This release fixes a regression introduced in Node.js...

8.1CVSS7.5AI score0.01411EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/07/17 12:0 a.m.27 views

SUSE SLES12 Security Update : nodejs18 (SUSE-SU-2024:2496-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2496-1 advisory. Update to 18.20.4: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass bsc1227560 - CVE-2024-22020: Fixed a bypass of network import...

8.1CVSS7.6AI score0.01411EPSS
Exploits0References10
Rows per page
Query Builder