16 matches found
CVE-2026-21711
A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket UDS server operations without the required permission checks, while all comparable network paths correctly enforce them. As a result, code running under --permission without --allow-net can create and expose local IP...
EUVD-2023-1626
Malicious code in bioql PyPI...
Security update for chromium, gn (important)
openSUSE Security Update: Security update for chromium, gn Announcement ID: openSUSE-SU-2025:0337-1 Rating: important References: 1249093 Cross-References: CVE-2025-9864 CVE-2025-9865 CVE-2025-9866 CVE-2025-9867 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes four...
GHSA-JV4X-JV3H-QFF5 Deno vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Summary Static imports are exempted from the network permission check. An attacker could exploit this to leak the password file on the network. Details Static imports in Deno are exempted from the network permission check. This can be exploited by attackers in multiple ways, when third-party code...
PT-2025-23906 · Crates.Io · Deno
Summary Static imports are exempted from the network permission check. An attacker could exploit this to leak the password file on the network. Details Static imports in Deno are exempted from the network permission check. This can be exploited by attackers in multiple ways, when third-party code...
CVE-2023-33966
Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and denoruntime 0.114.0, outbound HTTP requests made using the built-in node:http or node:https modules are incorrectly not checked against the network permission allow list --allow-net. Dependencies relying on these built-in modules...
CVE-2022-20556
In launchConfigNewNetworkFragment of NetworkProviderSettings.java, there is a possible way for the guest user to add a new WiFi network due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not neede...
GHSA-VC52-GWM3-8V2F Missing "--allow-net" permission check for built-in Node modules
Impact Outbound HTTP requests made using the built-in "node:http" or "node:https" modules are incorrectly not checked against the network permission allow list --allow-net. Dependencies relying on these built-in modules are subject to the vulnerability too. Users of Deno versions prior to 1.34.0...
CVE-2023-33966
Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and denoruntime 0.114.0, outbound HTTP requests made using the built-in node:http or node:https modules are incorrectly not checked against the network permission allow list --allow-net. Dependencies relying on these built-in modules...
Design/Logic Flaw
Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and denoruntime 0.114.0, outbound HTTP requests made using the built-in node:http or node:https modules are incorrectly not checked against the network permission allow list --allow-net. Dependencies relying on these built-in modules...
CVE-2023-33966 Deno missing "--allow-net" permission check for built-in Node modules
Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and denoruntime 0.114.0, outbound HTTP requests made using the built-in node:http or node:https modules are incorrectly not checked against the network permission allow list --allow-net. Dependencies relying on these built-in modules...
CVE-2023-33966 Deno missing "--allow-net" permission check for built-in Node modules
Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and denoruntime 0.114.0, outbound HTTP requests made using the built-in node:http or node:https modules are incorrectly not checked against the network permission allow list --allow-net. Dependencies relying on these built-in modules...
CVE-2023-33966
Deno 1.34.0 and deno_runtime 0.114.0 allow outbound HTTP requests via built-in node:http/node:https without checking the network allow-list. This affects dependencies using these modules. The issue is patched in Deno v1.34.1 and deno_runtime 0.114.1; update all affected installations. Deno Deploy...
CVE-2023-33966 Deno missing "--allow-net" permission check for built-in Node modules
Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and denoruntime 0.114.0, outbound HTTP requests made using the built-in node:http or node:https modules are incorrectly not checked against the network permission allow list --allow-net. Dependencies relying on these built-in modules...
CVE-2022-20341
In ConnectivityService, there is a possible bypass of network permissions due to a missing permission check. This could lead to local information disclosure of tethering interfaces with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2021-32619
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1.10.1, modules that are dynamically imported through import or new Worker might have been able to bypass network and file system permission checks when statically importing other modules...