Lucene search
+L

74 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.6 views

Azure Linux 3.0 Security Update: nodejs (CVE-2024-21891)

The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21891 advisory. - Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, whi...

8.8CVSS5.6AI score0.01245EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.2 views

Azure Linux 3.0 Security Update: nodejs (CVE-2024-21896)

The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21896 advisory. - The permission model protects itself against path traversal attacks by calling path.resolve on any paths giv...

9.8CVSS5.5AI score0.01262EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-19624

Malicious code in bioql PyPI...

2.9CVSS5.9AI score0.00458EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-36333

Malicious code in bioql PyPI...

3.3CVSS5.9AI score0.00395EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-36292

Malicious code in bioql PyPI...

8.8CVSS7.3AI score0.01817EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-19502

Malicious code in bioql PyPI...

8.8CVSS7.1AI score0.01245EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/09/02 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-36137

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission...

3.3CVSS6.1AI score0.00395EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/10 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2024-22018

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises fro...

2.9CVSS6.2AI score0.00458EPSS
Exploits0References3
OSV
OSV
added 2025/05/16 1:24 p.m.7 views

OESA-2025-1519 nodejs security update

Node.js is an open-source, cross-platform, JavaScript runtime environment, it executes JavaScript code outside of a browser. Security Fixes: A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js...

3.3CVSS7AI score0.00395EPSS
Exploits0References2
OSV
OSV
added 2025/02/28 3:33 p.m.5 views

OESA-2025-1200 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

6.5CVSS7.1AI score0.01104EPSS
Exploits0References3
OSV
OSV
added 2025/02/28 3:33 p.m.5 views

OESA-2025-1199 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

6.5CVSS7.1AI score0.01104EPSS
Exploits0References3
OSV
OSV
added 2024/12/16 1:58 p.m.23 views

BIT-NODE-MIN-2023-30587

A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module node:inspector. By exploiting the Worker class's ability to create an "internal worker" with the kIsInternal Symbol, attackers can modify the...

7.5CVSS7.3AI score0.00747EPSS
Exploits0References3
OSV
OSV
added 2024/12/16 1:55 p.m.18 views

BIT-NODE-MIN-2024-21891

Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack. This vulnerability affects all users using the experiment...

8.8CVSS7.7AI score0.01245EPSS
Exploits0References7
OSV
OSV
added 2024/12/16 1:54 p.m.14 views

BIT-NODE-MIN-2024-22018

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve...

2.9CVSS5AI score0.00458EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.22 views

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2024-768)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-768 advisory. A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model...

6.5CVSS6.8AI score0.01104EPSS
Exploits1References10
NVD
NVD
added 2024/09/07 4:15 p.m.48 views

CVE-2023-30582

A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non- argument. This flaw arises from an inadequate permission model that fails to restrict file watching through the fs.watchFile API. As a...

5.3CVSS0.0058EPSS
Exploits0References2
NVD
NVD
added 2024/09/07 4:15 p.m.28 views

CVE-2024-36137

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to...

3.3CVSS0.00395EPSS
Exploits0References2
OSV
OSV
added 2024/09/07 4:15 p.m.6 views

ALPINE-CVE-2024-36137

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to...

3.3CVSS6.8AI score0.00395EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/09/07 4:0 p.m.21 views

CVE-2023-30582

A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non- argument. This flaw arises from an inadequate permission model that fails to restrict file watching through the fs.watchFile API. As a...

6AI score0.0058EPSS
Exploits0References1
CVE
CVE
added 2024/09/07 4:0 p.m.157 views

CVE-2024-36137

Node.js CVE-2024-36137 affects users of the experimental permission model with --allow-fs-write. The issue allows operations such as fs.fchown/fs.fchmod to change file owner/permissions via a read-only file descriptor, bypassing intended restrictions. Public advisories (including ALAS/Gentoo/Debi...

3.3CVSS6.6AI score0.00395EPSS
Exploits0References2
Rows per page
Query Builder