62 matches found
Astra Linux - vulnerability in node-babel
Babel is a compiler for writing JavaScript code. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4, as well as all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, especially...
CVE-2026-46586 Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy Code Execution
Improper Control of Generation of Code 'Code Injection', Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issu...
CVE-2021-47864
OSAS Traverse Extension 11 contains an unquoted service path vulnerability in the TravExtensionHostSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject and execute malicious code by placing executable files in the service's path, potentially gaining...
CVE-2021-47864
CVE-2021-47864 affects OSAS Traverse Extension 11. The unquoted service path vulnerability is in TravExtensionHostSvc running with LocalSystem privileges. Exploitation could allow an attacker to place executable files in the service’s path to inject and execute code, potentially gaining elevated ...
CVE-2021-47864 OSAS Traverse Extension 11 - 'travextensionhostsvc' Unquoted Service Path
OSAS Traverse Extension 11 contains an unquoted service path vulnerability in the TravExtensionHostSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject and execute malicious code by placing executable files in the service's path, potentially gaining...
OSAS Traverse Extension code issue vulnerability
OSAS Traverse Extension is a functional extension module developed by OSAS Corporation. Version 11 of OSAS Traverse Extension contains a code vulnerability. This vulnerability stems from an unquoted service path within the TravExtensionHostSvc service, which may allow attackers to execute malicio...
An issue was discovered in yasm version 1.3.0. There is a use-after-free in expr_traverse_nodes_post() in libyasm/expr.c.
...
Linux Distros Unpatched Vulnerability : CVE-2023-45133
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Babel is a compiler for writing JavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to...
CVE-2024-7038
CVE-2024-7038 describes an information disclosure in open-webui v0.3.8 where the embedding model update feature under admin settings reveals different error messages based on file existence/configuration. This enables an attacker to enumerate file names and traverse directories, exposing sensitiv...
CVE-2024-4576 TIBCO EBX File Inclusion Vulnerability
The component listed above contains a vulnerability that allows an attacker to traverse directories and access sensitive files, leading to unauthorized disclosure of system configuration and potentially sensitive information...
Security Bulletin: IBM Maximo Application Suite uses traverse-7.20.13.tgz which is vulnerable to CVE-2023-45133
Summary IBM Maximo Application Suite uses traverse-7.20.13.tgz which is vulnerable to CVE-2023-45133. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-45133 DESCRIPTION: Babel could allow a local attacker to execute arbitrary cod...
Siemens SCALANCE LPE9403 Incorrect Permission Assignment for Critical Resource (CVE-2021-41091)
A vulnerability was found in Moby Docker Engine where the data directory typically /var/lib/docker contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included...
Security Bulletin: IBM Storage Fusion HCI may be vulnerable to Injection, Regular Expression Denial of Service (ReDoS), and Arbitrary Code Execution and via use of postcss, semver, babel-traverse (CVE-2023-45133, CVE-2022-25883, CVE-2023-44270)
Summary JavaScript libraries postcss, semver, and babel-traverse are used by IBM Storage Fusion HCI's Web Interface. Vulnerabilities in these libraries could lead to Denial of Service and Arbitrary Code Injection as described in the CVEs listed in the "Vulnerability Details" section. Vulnerabili...
Security Bulletin: Babel-traverse is vulnerable to CVE-2023-45133 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses babel-traverse which is vulnerable to CVE-2023-45133. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-45133 DESCRIPTION: Babel could allow a local attacker to execute...
Security Bulletin: IBM Storage Fusion may be vulnerable to Injection, Regular Expression Denial of Service (ReDoS), and Arbitrary Code Execution and via use of postcss, semver, babel-traverse (CVE-2023-45133, CVE-2022-25883, CVE-2023-44270)
Summary JavaScript libraries postcss, semver, and babel-traverse are used by IBM Storage Fusion's Web Interface. Vulnerabilities in these libraries could lead to Denial of Service and Arbitrary Code Injection as described in the CVEs listed in the "Vulnerability Details" section. Vulnerability...
SUSE CVE-2023-45133
Babel is a compiler for writing JavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that re...
Debian DSA-5528-1 : node-babel7 - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5528 advisory. - Babel is a compiler for writing JavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile...
urdfjsx (>=0.1.3 <=0.1.4), vite-plugin-vue-css-modules (>=3.1.4 <=4.0.1) potentially affected by CVE-2023-45133 via @babel/traverse (>=8.0.0-alpha.11 <=8.0.0-alpha.2)
@babel/traverse NPM version =8.0.0-alpha.11, =0.1.3, =3.1.4, =4.0.1 Source cves: CVE-2023-45133 Source advisory: OSV:GHSA-67HX-6X53-JW92...
1st (>=0.1.0 <=0.1.45), 4paradigm_robot_service (>=0.0.1 <=0.0.16) +6390 more potentially affected by CVE-2023-45133 via @babel/traverse (>=7.0.0-beta.31 <=7.23.0)
@babel/traverse NPM version =7.0.0-beta.31, =0.1.0, =0.0.1, =0.0.0, =0.0.2, =0.0.1, =0.6.0, =0.0.1, =0.0.2, =0.0.0-manual.7283bbad, =0.28.1, =0.37.0-beta-5 - @accio-cms/server =0.0.6 - @acentswap/ace-sdk =10.4.0 and more Source cves: CVE-2023-45133 Source advisory: OSV:GHSA-67HX-6X53-JW92...