7910 matches found
CVE-2025-22254
An Improper Privilege Management vulnerability CWE-269 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.6.0 through 7.6.1, FortiProxy 7.4.0 through 7.4.7,...
CVE-2025-22254
An Improper Privilege Management vulnerability CWE-269 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.6.0 through 7.6.1, FortiProxy 7.4.0 through 7.4.7,...
CVE-2025-22254
An Improper Privilege Management vulnerability CWE-269 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.6.0 through 7.6.1, FortiProxy 7.4.0 through 7.4.7,...
CVE-2025-22254
An Improper Privilege Management vulnerability CWE-269 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.6.0 through 7.6.1, FortiProxy 7.4.0 through 7.4.7,...
CVE-2025-22254
CVE-2025-22254 affects Fortinet FortiOS (7.6.0–7.6.1, 7.4.0–7.4.6, 7.2.0–7.2.10, 7.0.0–7.0.16, 6.4.0–6.4.15), FortiProxy (7.6.0–7.6.1, 7.4.0–7.4.7) and FortiWeb (7.6.0–7.6.1, 7.4.0–7.4.6). Root cause: Improper Privilege Management (CWE-269) allowing an authenticated user with at least read-only a...
PT-2025-24714 · Fortinet +1 · Fortiproxy +3
Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 7.6.0 through 7.6.1 Fortinet FortiOS versions 7.4.0 through 7.4.6 Fortinet FortiOS versions 7.2.0 through 7.2.10 Fortinet FortiOS versions 7.0.0 through 7.0.16 Fortinet FortiOS version before 6.4.15 FortiProxy versio...
Important: nodejs20
Issue Overview: Corrupted pointer in node::fs::ReadFileUtf8const FunctionCallbackInfo& args when args0 is a string, resulting in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service. Info:...
Fortinet FortiWeb Privilege escalation in GUI websocket module (FG-IR-25-006)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-006 advisory. - An Improper Privilege Management vulnerability CWE-269 affecting Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through...
Important: nodejs22
Issue Overview: Corrupted pointer in node::fs::ReadFileUtf8const FunctionCallbackInfo& args when args0 is a string, resulting in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service. Info:...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to Node.js dicer module denial of service (CVE-2022-24434)
Summary Potential vulnerabilities in Node.js dicer module CVE-2022-24434 has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2022-24434 DESCRIPTION: This affects all versions of package dicer. A malicious attacker can send a modified form to server, and cra...
RHSA-2025:8506 Red Hat Security Advisory: nodejs:22 security update
Bulletin has no description...
RHEL 10 : nodejs22 (RHSA-2025:8493)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:8493 advisory. Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an...
RHEL 10 : nodejs22 (RHSA-2025:7502)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:7502 advisory. Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven...
nodejs: Improper HTTP Header Termination in Node.js 20 Enables Request Smuggling
A flaw was found in the HTTP parser of Node.js. This vulnerability allows attackers to perform request smuggling and bypass proxy-based access controls via improperly terminated HTTP/1 headers using \r\n\rX instead of the standard \r\n\r\n...
nodejs: Remote Crash via SignTraits::DeriveBits() in Node.js
A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits. This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread...
Important: Red Hat Security Advisory: nodejs:20 security update
An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: nodejs:22 security update
An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
nodejs: Remote Crash via SignTraits::DeriveBits() in Node.js
A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits. This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread...
nodejs: Memory Leak in Node.js ReadFileUtf8 Binding Leading to DoS
A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding...
RHSA-2025:8493 Red Hat Security Advisory: nodejs22 security update
Bulletin has no description...