
29 matches found

Snyk
added 2026/06/19 7:34 p.m., 2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the group parsing process. An attacker can cause memory exhaustion and disrupt the container runtime API by supplying a maliciously crafted image that triggers unbounded parsing,...

CVSS 6.9, AI score 5.9, EPSS 0.00317
Exploits: 0, References: 2
AstraLinux
added 2025/11/01 10:54 a.m., 3 views

Astra Linux – Vulnerability in Node.js

A security flaw in Node.js allows for bypassing network import restrictions. By embedding non-network-related imports within data URLs, attackers can execute arbitrary code, compromising system security. This vulnerability has been confirmed on various platforms. It can be mitigated by prohibitin...

CVSS 6.5, AI score 6.9, EPSS 0.01104
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-19626

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.9, EPSS 0.01104
Exploits: 0, References: 3
Debian
added 2025/08/29 6:10 p.m., 7 views

[SECURITY] [DSA 5991-1] nodejs security update

Debian Security Advisory DSA-5991-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 29, 2025 https://www.debian.org/security/faq -...

CVSS 8.2, AI score 8.1, EPSS 0.87211
Exploits: 1
Tenable Nessus
added 2025/08/29 12:0 a.m., 3 views

Debian dsa-5991 : libnode-dev - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5991 advisory. Debian Security Advisory DSA-5991-1 [email protected] https://www.debian.org/securit...

CVSS 8.2, AI score 7.4, EPSS 0.87211
Exploits: 1, References: 18
Tenable Nessus
added 2025/06/16 12:0 a.m., 5 views

TencentOS Server 3: nodejs:18 (TSSA-2024:0766)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0766 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 6.5, AI score 7, EPSS 0.01104
Exploits: 1, References: 3
OSV
added 2025/05/16 1:25 p.m., 2 views

OESA-2025-1527 cobbler security update

Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. Cobbler's advanced features include importing distributions from DVDs and rsync mirrors,...

CVSS 9.8, AI score 7.1, EPSS 0.88482
Exploits: 1, References: 6
Positive Technologies
added 2025/03/20 12:0 a.m., 3 views

PT-2025-12217 · Ollama · Ollama

Name of the Vulnerable Software and Affected Versions: ollama/ollama version v0.3.3. Description: A divide-by-zero issue exists when importing GGUF models with a crafted type for block count in the Modelfile, leading to a denial of service (DoS) condition that causes the server to crash...

CVSS 9.8, AI score 7.2, EPSS 0.00825
Exploits: 4, References: 21
AlpineLinux
added 2025/03/17 10:15 p.m., 3 views

CVE-2024-40635

containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as roo...

CVSS 7.8, AI score 6.7, EPSS 0.00275
Exploits: 1, References: 5
Tenable Nessus
added 2025/03/05 12:0 a.m., 14 views

Linux Distros Unpatched Vulnerability : CVE-2024-22020

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code...

CVSS 6.5, AI score 7.4, EPSS 0.01104
Exploits: 0, References: 3
Tenable Nessus
added 2025/02/14 12:0 a.m., 9 views

CBL Mariner 2.0 Security Update: nodejs / nodejs18 (CVE-2024-22020)

The version of nodejs / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-22020 advisory. - A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-netwo...

CVSS 6.5, AI score 7.5, EPSS 0.01104
Exploits: 0, References: 2
OSV
added 2024/12/16 1:54 p.m., 21 views

BIT-NODE-MIN-2024-22020

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...

CVSS 6.5, AI score 7.1, EPSS 0.01104
Exploits: 0, References: 8
Tenable Nessus
added 2024/11/14 12:0 a.m., 18 views

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2024-768)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-768 advisory. A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model...

CVSS 6.5, AI score 6.8, EPSS 0.01104
Exploits: 1, References: 10
Tenable Nessus
added 2024/11/07 12:0 a.m., 23 views

RHEL 9 : nodejs:18 (RHSA-2024:6147)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6147 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

CVSS 6.5, AI score 6.7, EPSS 0.01104
Exploits: 1, References: 7
Tenable Nessus
added 2024/11/07 12:0 a.m., 18 views

RHEL 9 : nodejs:20 (RHSA-2024:5815)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5815 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

CVSS 6.5, AI score 6.5, EPSS 0.01104
Exploits: 0, References: 9
Tenable Nessus
added 2024/10/31 12:0 a.m., 19 views

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2024-749)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-749 advisory. A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model...

CVSS 6.5, AI score 6.8, EPSS 0.01104
Exploits: 1, References: 10
RedHat Linux
added 2024/08/26 8:36 a.m., 2 views

nodejs: Bypass network import restriction via data URL

A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security...

CVSS 6.5, AI score 7.5, EPSS 0.01104
Exploits: 0, References: 5
OSV
added 2024/07/11 7:28 a.m., 13 views

BIT-NODE-2024-22020

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...

CVSS 6.5, AI score 7.1, EPSS 0.01104
Exploits: 0, References: 8
SUSE CVE
added 2024/07/10 3:36 a.m., 3 views

SUSE CVE-2024-22020

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...

CVSS 6.5, AI score 7.9, EPSS 0.01104
Exploits: 0, References: 8
OSV
added 2024/07/09 2:15 a.m., 18 views

CVE-2024-22020

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...

AI score 7.2
Exploits: 0, References: 4