[SECURITY] Fedora 42 Update: vgrep-2.8.0-4.fc42

vgrep is a pager for grep, git-grep, ripgrep and similar grep implementations, and allows for opening the indexed file locations in a user-specified editor such as vim or emacs. vgrep is inspired by the ancient cgvg scripts but extended to perform further operations such as listing statistics of...

CVE-2025-61786 Deno's --deny-read check does not prevent permission bypass

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.stat and Deno.FsFile.prototype.statSync are not limited by the permission model check --deny-read=./. It's possible to retrieve stats from files that the user do not have explic...

nodejs: fs.lstat bypasses permission model

A flaw was found in the Node.js package. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files they do not have explicit read access to...

Node.js Security Vulnerabilities

Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js that stems from an inadequate permissions model, which allows an attacker to retrieve statistical information from files that do not have explicit read permissions...

[SECURITY] Fedora 35 Update: vgrep-2.5.6-2.fc35

vgrep is a pager for grep, git-grep, ripgrep and similar grep implementations, and allows for opening the indexed file locations in a user-specified editor such as vim or emacs. vgrep is inspired by the ancient cgvg scripts but extended to perform further operations such as listing statistics of...

Snyk wc-cmd Command Injection Vulnerability

Snyk wc-cmd is an application from Snyk Corporation that provides statistics on the number of bytes, words, and lines in a given file, and displays the results as output. A command injection vulnerability exists in wc-cmd, which originates from a command injection attack on the index.js file...