4 matches found
MiracleLinux 9 : nodejs:20 (AXSA:2024-8726:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8726:01 advisory. nodejs: Bypass network import restriction via data URL CVE-2024-22020 nodejs: fs.lstat bypasses permission model CVE-2024-22018 nodejs:...
Rocky Linux 9 : nodejs:20 (RLSA-2024:5815)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:5815 advisory. nodejs: Bypass network import restriction via data URL CVE-2024-22020 nodejs: fs.lstat bypasses permission model CVE-2024-22018 nodejs: fs.fchown/fchmod...
Authorization Bypass
Overview Affected versions of this package are vulnerable to Authorization Bypass via fs.fchown or fs.fchmod operations which can use a "read-only" file descriptor to change the owner and permissions of a file. Note: This is only exploitable for users using the experimental permission when the...
Linux systemd Symlink Dereference Via chown_one() Exploit
Linux suffers from an issue with systemd where chownone can dereference symlinks. systemd: chownone can dereference symlinks CVE-2018-15687 I am sending this bug report to Ubuntu, even though it's an upstream bug, as requested at...