18 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-37372
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtl...
CVE-2024-37372 vulnerabilities
Vulnerabilities for packages: nodejs...
openSUSE Security Advisory (SUSE-SU-2024:2574-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2024:2543-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-37372
The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases...
CVE-2024-37372
The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases...
CVE-2024-37372
The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases...
UBUNTU-CVE-2024-37372
The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases...
CVE-2024-37372
creationtimestamp| type| source ---|---|--- 2025-01-09 01:11:49+00:00| seen| https://infosec.exchange/users/cve/statuses/113795734498923692 2025-01-09 01:15:23+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/870 2025-01-09 01:15:58+00:00| seen|...
CVE-2024-37372
The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases...
CVE-2024-37372
The CVE-2024-37372 entry concerns Node.js and the experimental permission model. The root cause is a faulty assumption in UNC path handling: the model treats paths starting with two backslashes as having a four-character prefix that can be ignored, which is not universally true. This leads to vul...
CVE-2024-37372
The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases...
Mageia: Security Advisory (MGASA-2024-0282)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 / openSUSE 15 Security Update : nodejs20 (SUSE-SU-2024:2574-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2574-1 advisory. Update to 20.15.1: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass bsc1227560 - CVE-2024-22020: Fixed a bypass of...
SUSE SLES15 / openSUSE 15 Security Update : nodejs20 (SUSE-SU-2024:2543-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2543-1 advisory. Update to 20.15.1: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass bsc1227560 - CVE-2024-22020: Fixed a bypass of...
Node.js 20.x < 20.15.1, 21.x < 22.4.1 Multiple Vulnerabilities - Windows
Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...
Node.js 20.x < 20.15.1, 21.x < 22.4.1 Multiple Vulnerabilities - Mac OS X
Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...
Node.js 18.x < 18.20.4 / 20.x < 20.15.1 / 22.x < 22.4.1 Multiple Vulnerabilities (Monday, July 8, 2024 Security Releases).
The version of Node.js installed on the remote host is prior to 18.20.4, 20.15.1, 22.4.1. It is, therefore, affected by multiple vulnerabilities as referenced in the Monday, July 8, 2024 Security Releases advisory. - The CVE-2024-27980 was identified as an incomplete fix for the BatBadBut...