PT-2024-40047 · Ckb · Ckb
Name of the Vulnerable Software and Affected Versions: CKB (affected versions not specified). Description: An issue allows an adversary to create a message with a compressed size less than the package limit, but with a very large decompressed length, such as 1G. This can cause a node to consume a...
nodejs: mainModule.proto bypass experimental policy mechanism
A vulnerability has been discovered in Node.js, where the use of `__proto__` in `process.mainModule.__proto__.require` can bypass the policy mechanism and require modules outside of the policy.json definition...
SUSE CVE-2023-30581
The use of `__proto__` in `process.mainModule.__proto__.require` can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18, and v20. Please note that at the time...
The vulnerability of the `tegra_xusb_find_port_node()` function (drivers/phy/tegra/xusb.c) in the NVIDIA Tegra XUSB driver for Linux operating systems allows a hacker to induce a service failure.
The vulnerability of NVIDIA Tegra XUSB Pad’s operating system driver is related to pointer assignment errors. Exploiting this vulnerability can allow an attacker to cause a service failure...
Vulnerability of the new_node() function (libraw\src\x3f\x3futils_patched.cpp) in the LibRaw image processing library, which allows a hacker to trigger a service failure
The vulnerability of the new_node() function (libraw\src\x3f\x3futils_patched.cpp) in the LibRaw image processing library is related to writing beyond buffer boundaries. Exploiting this vulnerability could allow an attacker to cause a service failure...
PT-2022-23107 · Frontier · Frontier
Name of the Vulnerable Software and Affected Versions: Frontier (affected versions not specified). Description: A security issue was discovered affecting the parsing of the RPC result of the exit reason in case of EVM reversion. This issue causes the exit reason to be incorrectly parsed and returned...
Security Bulletin: IBM Netezza as a Service is vulnerable to CVE-2022-0811
Summary: IBM Netezza as a Service is vulnerable to arbitrary code execution as root on the cluster node due to CVE-2022-0811, although severity is low. The vulnerability is addressed by upgrading OCP version to 4.8.42. Vulnerability Details: CVEID: CVE-2022-0811. DESCRIPTION: CRI-O could allow a remote...
openshift-origin-node Improper Input Validation vulnerability
Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly...
Stark Bank Data Forgery Issue Vulnerability
Stark Bank is a banking API for individual developers in Brazil. Perform all banking operations through an API that simplifies and automates payments, facilitates reconciliations, and scales operations. Stark Bank Ecdsa-node suffers from a Data Forgery Issue vulnerability that stems from the...
UBUNTU-CVE-2021-33587
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...
nodejs-mixin-deep: prototype pollution in function mixin-deep
A flaw was found in Nodejs's mixin-deep prior to versions 1.3.2 and 2.0.0. The mixin-deep function could be used to add or modify properties of the Object.prototype. The highest threat from this vulnerability is to system availability...
Denial Of Service (DoS)
node is vulnerable to denial of service (DoS). Multiple uncompleted HTTP/1.1 requests cause the server to be unable to accept new connections...
Advantech WebAccess Node Out-of-Bounds Read Vulnerability
Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition and visualization. It is used to automate complex industrial processes where remote operation is required. An out-of-bounds read vulnerability exists in Advantech WebAccess Node, which can be exploited ...
Denial Of Service (DoS)
node is vulnerable to denial of service (DoS) attacks. The vulnerability exists when a malicious user sends headers while keeping HTTP/HTTPS connections alive for a long period of time...
Information Disclosure
node is vulnerable to information disclosure attacks. The vulnerability exists through the use of Buffer.alloc, exposing uninitialized memory...
Joyent Node.js and URONode Denial of Service Vulnerability
Joyent Node.js is a set of Joyent's web application platform built on top of Google V8 JavaScript engine. URONode is a wireless node for Linux systems. A denial of service vulnerability exists in Joyent Node.js version 0.3.2 and URONode versions prior to 1.0.5r3. A remote attacker could exploit...
mxml stack resource consumption vulnerability (CNVD-2016-03005)
mxml is an XML language for laying out user interfaces in Adobe Flex. A security vulnerability exists in the mxml-node.c file of mxml. An attacker can exploit the vulnerability with the help of a specially crafted xml file to cause stack resource consumption...