6341 matches found
ACL - Critical - Arbitrary PHP code execution - SA-CONTRIB-2023-034
The ACL module, short for Access Control Lists, is an API for other modules to create lists of users and give them access to nodes. The module processes user input in a way that could be unsafe. This can lead to Remote Code Execution via Object Injection. As this is an API module, it is only...
Google Chrome 缓冲区错误漏洞
Google Chrome is a web browser from Google, Inc. A security vulnerability previously existed in Google Chrome version 116.0.5845.110, which stemmed from an out-of-bounds read issue in CSS modules...
Code injection
The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CV...
CVE-2023-32002
The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CV...
Node.js Security Vulnerabilities
Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js versions 16.x, 18.x, and 20.x that stems from the ability to bypass the policy mechanism and define modules other than those given...
SUSE CVE-2023-32006
The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note th...
The vulnerability of the web page rendering modules in WebKitGTK and WPE for iOS, iPadOS, tvOS, macOS, watchOS, and the Safari browser allows attackers to circumvent existing security restrictions.
The vulnerability of the web page rendering modules in WebKitGTK and WPE for iOS, iPadOS, tvOS, macOS, watchOS, and the Safari browser is related to security configuration errors. Exploiting this vulnerability can allow a remote attacker to bypass existing security restrictions...
The vulnerability of the web server of the microprogramming software for the processor module control units of Siemens SICAM CP-8031 and CP-8050 allows a hacker to increase their privileges.
The vulnerability of web servers with microprogramming software and Siemens SICAM CP-8031/CP-8050 processor module controllers is related to the use of rigidly encrypted login data. Exploiting this vulnerability can allow attackers to increase their privileges...
Unsanitized user controlled input in module generation
Impact The import-in-the-middle loader used by @opentelemetry/instrumentation works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. It allows for remote code execution in cases where an application passes...
GHSA-F8PQ-3926-8GX5 Unsanitized user controlled input in module generation
Impact The import-in-the-middle loader used by @opentelemetry/instrumentation works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. It allows for remote code execution in cases where an application passes...
CLSA-2023-1691606104 openssh: Fix of CVE-2023-38408
CVE-2023-38408: checks libraries before dlopen and separate ssh-pkcs11-helpers for each p11 module...
CLSA-2023-1691576488 Fix CVE(s): CVE-2023-38408
SECURITY UPDATE: helper programs can dlopen/dlclose any libraries from /usr/lib - debian/patches/CVE-2023-38408-Ensure-FIDO-PKCS11-libraries-contain-expect.patch: checks libraries before dlopen - debian/patches/CVE-2023-38408-Separate-ssh-pkcs11-helpers-for-each-p11-mo.patch: separate...
The vulnerability of the web page rendering modules in WebKitGTK and WPE for iOS, iPadOS, tvOS, macOS, watchOS, and the Safari browser allows a perpetrator to execute arbitrary code.
The vulnerability of the web page rendering modules in WebKitGTK and WPE for iOS, iPadOS, tvOS, macOS, watchOS, and the Safari browser is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
import-in-the-middle has unsanitized user controlled input in module generation
Impact The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. It allows for remote code execution in cases where an application passes user-supplied input directly to an import...
CVE-2023-39532 SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution
SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, an 0.13.0 prior to 0.13.5, there is a hole in the confinement of...
Node.js Modules Installed (macOS)
Binary data nodejsmodulesmacinstalled.nbin...
The vulnerability of the web page rendering modules in WebKitGTK and WPE for iOS, iPadOS, macOS, watchOS, Safari browser allows a perpetrator to execute arbitrary code.
The vulnerability of the web page rendering modules in WebKitGTK and WPE for iOS, iPadOS, tvOS, macOS, watchOS, and the Safari browser is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2023-38704
import-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. Prior to version 1.4.2, it allows for...
Input validation
import-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. Prior to version 1.4.2, it allows for...
CVE-2023-38704 import-in-the-middle allows unsanitized user controlled input in module generation
import-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. Prior to version 1.4.2, it allows for...