6341 matches found
AZL-13776 CVE-2023-23918 affecting package nodejs for versions less than 16.19.1-1
A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions https://nodejs.org/api/permissions.html feature in Node.js and access non authorized modules by using process.mainModule.require. This only...
Privilege escalation
A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions https://nodejs.org/api/permissions.html feature in Node.js and access non authorized modules by using process.mainModule.require. This only...
CVE-2023-23918
A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions https://nodejs.org/api/permissions.html feature in Node.js and access non authorized modules by using process.mainModule.require. This only...
CVE-2023-23918
CVE-2023-23918 affects Node.js runtimes prior to certain fixed releases (examples from connected docs include Node.js 14.21.3, 16.19.1, 18.14.2; some entries reference 18.19.x as fixed). The vulnerability allows bypassing the experimental Permissions feature when enabled with --experimental-polic...
Node.js 安全漏洞
Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js that stems from the presence of an elevation of privilege vulnerability that can be exploited by an attacker to bypass authentication and access unauthorized modules...
The vulnerability of the software for programming Mitsubishi Electric GX Works3 lies in the ability to use strictly encrypted user data, which allows a intruder to obtain information about the project files for security modules on the CPU.
The vulnerability of the software for programming Mitsubishi Electric GX Works3 relates to the possibility of using strictly encrypted user data. Exploiting this vulnerability can allow a malicious actor to obtain information about project files for security modules via the MELSEC protocol...
K83058481: Perl vulnerabilities CVE-2011-1487, CVE-2011-2939, and CVE-2011-3597
Security Advisory Description CVE-2011-1487 The 1 lc, 2 lcfirst, 3 uc, and 4 ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent...
K18364001: Node.js vulnerability CVE-2017-15896
Security Advisory Description Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSLread due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS...
K16427: Linux kernel vulnerability CVE-2013-7421
Security Advisory Description The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AFALG socket with a module name in the salgname field, a different vulnerability than CVE-2014-9644. CVE-2013-7421 Impact There is no...
The vulnerability of Dell Container Storage Modules lies in their uncontrolled DLL search path, which allows an attacker to execute arbitrary code.
The vulnerability of the Dell Container Storage Modules relates to an uncontrolled DLL search process. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Improper Access Control
nodejs is vulnerable to Improper Access Control. A remote attacker is able to bypass permissions and access non authorized modules by using process.mainModule.require function...
SUSE CVE-2023-22490
Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort loca...
CVE-2021-33304
Double Free vulnerability in virtualsquare picoTCP v1.7.0 and picoTCP-NG v2.1 in modules/picofragments.c in function picofragmentsreassemble, allows attackers to execute arbitrary code...
Double free
Double Free vulnerability in virtualsquare picoTCP v1.7.0 and picoTCP-NG v2.1 in modules/picofragments.c in function picofragmentsreassemble, allows attackers to execute arbitrary code...
SUSE CVE-2003-0787
The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges...
SUSE CVE-2004-0986
Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers...
SUSE CVE-2007-0450
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules modproxy, modrewrite, modjk, allows remote attackers to read arbitrary files via a .. dot dot sequence with combinations of 1 "/" slash, 2 "" backslash, and...
SUSE CVE-2007-5641
Multiple PHP remote file inclusion vulnerabilities in PHP Project Management 0.8.10 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter to 1 certinfo/index.php, 2 emails/index.php, 3 events/index.php, 4 fax/index.php, 5 files/index.php, 6...
SUSE CVE-2008-2147
Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory...
SUSE CVE-2008-3143
Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to 1 Include/pymem.h; 2 csv.c, 3 struct.c, 4 arraymodule.c, 5 audioop.c, 6 binascii.c, 7 cPickle.c, 8 cStringIO.c, 9 cjkcodecs/multibytecodec.c, 10...