29 matches found
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the group parsing process. An attacker can cause memory exhaustion and disrupt the container runtime API by supplying a maliciously crafted image that triggers unbounded parsing,...
Astra Linux – Vulnerability in Node.js
A security flaw in Node.js allows for bypassing network import restrictions. By embedding non-network-related imports within data URLs, attackers can execute arbitrary code, compromising system security. This vulnerability has been confirmed on various platforms. It can be mitigated by prohibitin...
EUVD-2024-19626
Malicious code in bioql PyPI...
[SECURITY] [DSA 5991-1] nodejs security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5991-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 29, 2025 https://www.debian.org/security/faq -...
Debian dsa-5991 : libnode-dev - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5991 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5991-1 [email protected] https://www.debian.org/securit...
TencentOS Server 3: nodejs:18 (TSSA-2024:0766)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0766 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
OESA-2025-1527 cobbler security update
Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. Cobbler's advanced features include importing distributions from DVDs and rsync mirrors,...
PT-2025-12217 · Ollama · Ollama
Name of the Vulnerable Software and Affected Versions: ollama/ollama version v0.3.3 Description: A divide by zero issue exists when importing GGUF models with a crafted type for block count in the Modelfile, leading to a denial of service DoS condition that causes the server to crash...
CVE-2024-40635
containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as roo...
Linux Distros Unpatched Vulnerability : CVE-2024-22020
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code...
CBL Mariner 2.0 Security Update: nodejs / nodejs18 (CVE-2024-22020)
The version of nodejs / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-22020 advisory. - A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-netwo...
BIT-NODE-MIN-2024-22020
A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...
Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2024-768)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-768 advisory. A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model...
RHEL 9 : nodejs:18 (RHSA-2024:6147)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6147 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
RHEL 9 : nodejs:20 (RHSA-2024:5815)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5815 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2024-749)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-749 advisory. A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model...
nodejs: Bypass network import restriction via data URL
A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security...
BIT-NODE-2024-22020
A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...
SUSE CVE-2024-22020
A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...
CVE-2024-22020
A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...