Lucene search
K

74 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.2 views

Azure Linux 3.0 Security Update: nodejs (CVE-2024-21896)

The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21896 advisory. - The permission model protects itself against path traversal attacks by calling path.resolve on any paths giv...

9.8CVSS5.5AI score0.01262EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.6 views

Azure Linux 3.0 Security Update: nodejs (CVE-2024-21891)

The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21891 advisory. - Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, whi...

8.8CVSS5.6AI score0.01245EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-36292

Malicious code in bioql PyPI...

8.8CVSS7.3AI score0.01817EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-19624

Malicious code in bioql PyPI...

2.9CVSS5.9AI score0.00458EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-19502

Malicious code in bioql PyPI...

8.8CVSS7.1AI score0.01245EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-36333

Malicious code in bioql PyPI...

3.3CVSS5.9AI score0.00395EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/02 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-36137

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission...

3.3CVSS6.1AI score0.00395EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/10 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2024-22018

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises fro...

2.9CVSS6.2AI score0.00458EPSS
Exploits0References3
OSV
OSV
added 2025/05/16 1:24 p.m.7 views

OESA-2025-1519 nodejs security update

Node.js is an open-source, cross-platform, JavaScript runtime environment, it executes JavaScript code outside of a browser. Security Fixes: A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js...

3.3CVSS7AI score0.00395EPSS
Exploits0References2
OSV
OSV
added 2025/02/28 3:33 p.m.5 views

OESA-2025-1200 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

6.5CVSS7.1AI score0.01104EPSS
Exploits0References3
OSV
OSV
added 2025/02/28 3:33 p.m.5 views

OESA-2025-1199 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

6.5CVSS7.1AI score0.01104EPSS
Exploits0References3
OSV
OSV
added 2024/12/16 1:58 p.m.17 views

BIT-NODE-MIN-2023-30587

A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module node:inspector. By exploiting the Worker class's ability to create an "internal worker" with the kIsInternal Symbol, attackers can modify the...

7.5CVSS7.3AI score0.00747EPSS
Exploits0References3
OSV
OSV
added 2024/12/16 1:55 p.m.15 views

BIT-NODE-MIN-2024-21891

Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack. This vulnerability affects all users using the experiment...

8.8CVSS7.7AI score0.01245EPSS
Exploits0References7
OSV
OSV
added 2024/12/16 1:54 p.m.13 views

BIT-NODE-MIN-2024-22018

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve...

2.9CVSS5AI score0.00458EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.20 views

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2024-768)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-768 advisory. A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model...

6.5CVSS6.8AI score0.01104EPSS
Exploits1References10
NVD
NVD
added 2024/09/07 4:15 p.m.46 views

CVE-2023-30582

A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non- argument. This flaw arises from an inadequate permission model that fails to restrict file watching through the fs.watchFile API. As a...

5.3CVSS0.0058EPSS
Exploits0References2
OSV
OSV
added 2024/09/07 4:15 p.m.6 views

ALPINE-CVE-2024-36137

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to...

3.3CVSS6.8AI score0.00395EPSS
Exploits0References1
NVD
NVD
added 2024/09/07 4:15 p.m.26 views

CVE-2024-36137

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to...

3.3CVSS0.00395EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/09/07 4:0 p.m.38 views

CVE-2023-30584

A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of path traversal bypass when verifying file permissions. Please note that at the time this CVE was issued, the permission model is an...

0.00379EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/07 4:0 p.m.21 views

CVE-2023-30582

A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non- argument. This flaw arises from an inadequate permission model that fails to restrict file watching through the fs.watchFile API. As a...

6AI score0.0058EPSS
Exploits0References1
Rows per page
Query Builder