10 matches found
CVE-2026-21711
A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket UDS server operations without the required permission checks, while all comparable network paths correctly enforce them. As a result, code running under --permission without --allow-net can create and expose local IP...
CVE-2025-68428 jsPDF has Local File Inclusion/Path Traversal vulnerability
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file...
CVE-2025-68428 jsPDF has Local File Inclusion/Path Traversal vulnerability
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the loadFile, addImage, html and addFont functions. An attacker can access and include arbitrary files from the local file system into generated PDFs. Workaround This vulnerability can be...
CVE-2021-46908
In the Linux kernel, the following vulnerability has been resolved: bpf: Use correct permission flag for mixed signed bounds arithmetic We forbid adding unknown scalars with mixed signed bounds due to the spectre v1 masking mitigation. Hence this also needs bypassspecv1 flag instead of...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: bpf: Use correct permission flag for mixed signed bounds arithmetic We forbid adding unknown scalars with mixed signed bounds due to the spectre v1 masking mitigation. Hence this also needs bypassspecv1 flag instead of...
CVE-2021-46908
In the Linux kernel, the following vulnerability has been resolved: bpf: Use correct permission flag for mixed signed bounds arithmetic We forbid adding unknown scalars with mixed signed bounds due to the spectre v1 masking mitigation. Hence this also needs bypassspecv1 flag instead of...
CVE-2021-46908 bpf: Use correct permission flag for mixed signed bounds arithmetic
In the Linux kernel, the following vulnerability has been resolved: bpf: Use correct permission flag for mixed signed bounds arithmetic We forbid adding unknown scalars with mixed signed bounds due to the spectre v1 masking mitigation. Hence this also needs bypassspecv1 flag instead of...
CVE-2021-46908 bpf: Use correct permission flag for mixed signed bounds arithmetic
In the Linux kernel, the following vulnerability has been resolved: bpf: Use correct permission flag for mixed signed bounds arithmetic We forbid adding unknown scalars with mixed signed bounds due to the spectre v1 masking mitigation. Hence this also needs bypassspecv1 flag instead of...
UVI-2021-1000011 bpf: Use correct permission flag for mixed signed bounds arithmetic
bpf: Use correct permission flag for mixed signed bounds arithmetic This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.11.16 by commit...