13 matches found
BIT-NODE-2025-55130
A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...
Azure Linux 3.0 Security Update: nodejs (CVE-2025-23165)
The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23165 advisory. - In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uvfss.file: a UTF-1...
Linux Distros Unpatched Vulnerability : CVE-2024-57520
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the actioncreateconfig function. NOTE: this is dispute...
CVE-2025-23122
CVE-2025-23122 is a duplicate entry of CVE-2025-23165 and is not an active vulnerability on its own. Connected sources provide concrete details for CVE-2025-23165: in Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uv_fs_s.file when a UTF-16 path buffer is ov...
CVE-2024-57520
CVE-2024-57520 affects Asterisk v22 with an Insecure Permissions vulnerability in the action_createconfig function that could allow a remote attacker to execute arbitrary code. The supplier disputes the impact, noting the effect may be limited to creating empty files outside the Asterisk product ...
CVE-2025-23083
With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...
CVE-2024-53566
An issue in the actionlistcategories function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal...
CVE-2024-53566
An issue in the actionlistcategories function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal...
CVE-2024-53566
An issue in the actionlistcategories function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal...
MAL-2023-8776 Malicious code in discord.js-self-v22 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 672d9ccd18153a9163f1f9a63ec5d765f412cf86a198d526fb04ecc5aa6eab3f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-37192
Bitcoin Core (v22) is affected by a memory management/protection issue that allows an attacker to modify the stored sending address in the application’s memory, potentially redirecting transactions to wallets of the attacker’s choosing. The vulnerability concerns the core wallet handling path and...
CVE-2017-4964: BOSH Azure CPI code injection vulnerability | Cloud Foundry
Severity Medium Vendor Cloud Foundry Foundation Versions Affected BOSH Azure CPI Release v22 Description The BOSH Azure CPI could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director. Mitigation OSS users are strongly encouraged to follow the...
V22 Osprey Flight Simulator - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application V22 Osprey Flight Simulator published at the 'play' market has multiple vulnerabilities...