Lucene search
K

6 matches found

RedHat Linux
RedHat Linux
added 2026/02/17 9:33 a.m.3 views

nodejs: Nodejs filesystem permissions bypass

A file access flaw has been discovered in NodeJS. A file's access and modification timestamps to be changed via futimes even when the process has only read permissions. Unlike utimes, futimes does not apply the expected write-permission checks, which means file metadata can be modified in read-on...

5.3CVSS5.7AI score0.00227EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/01/20 9:16 p.m.7 views

CVE-2025-55132

A flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via futimes even when the process has only read permissions. Unlike utimes, futimes does not apply the expected write-permission checks, which means file metadata can be modified in read-only...

5.3CVSS6.7AI score0.00227EPSS
Exploits0References2
Mageia
Mageia
added 2026/01/17 2:48 a.m.11 views

Updated nodejs packages fix security vulnerabilities

Node.js HTTP/2 server crashes with unhandled error when receiving malformed HEADERS frame. CVE-2025-59465 Uncatchable "Maximum call stack size exceeded" error on Node.js via asynchooks leads to process crashes bypassing error handlers. CVE-2025-59466 Bypass File System Permissions using crafted...

9.1CVSS6.9AI score0.03782EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-55132

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via futimes even when the process has only read permission...

5.3CVSS6.5AI score0.00227EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.3 views

PT-2026-3360

Name of the Vulnerable Software and Affected Versions Node.js versions affected versions not specified Description A flaw in Node.js TLS error handling can allow remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thro...

9.8CVSS6.7AI score0.01056EPSS
Exploits0References369
Hacker One
Hacker One
added 2025/10/19 2:58 p.m.9 views

Node.js: fs.futimes() Bypasses Read-Only Permission Model

A flaw in Node.js's permission model was discovered that allowed a file's access and modification timestamps to be changed via futimes even when the process had only read permissions. Unlike utimes, futimes did not apply the expected write-permission checks, which meant file metadata could be...

5.3CVSS6.6AI score0.00227EPSS
Exploits0
Rows per page
Query Builder