23 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in openjdk-11

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK products of Oracle Java SE component: Networking. The supported versions affected by this vulnerability are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3....

CVSS 3.1 | AI score 6.2 | EPSS 0.00143
Exploits: 0 | References: 2

EUVD
added 2026/03/30 9:31 p.m. | 2 views

EUVD-2026-17174

A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior...

CVSS 5.9 | AI score 6.5 | EPSS 0.00012
Exploits: 0 | References: 2

OSV
added 2026/03/30 8:16 p.m. | 0 views

ALPINE-CVE-2026-21713

A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior...

CVSS 5.9 | AI score 6.5 | EPSS 0.00012
Exploits: 0 | References: 1

OSV
added 2026/03/30 8:16 p.m. | 2 views

UBUNTU-CVE-2026-21713

A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior...

CVSS 5.9 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-5055

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 5.9 | EPSS 0.00339
Exploits: 0 | References: 15

OSV
added 2025/02/14 10:3 a.m. | 17 views

RHSA-2025:1443 Red Hat Security Advisory: nodejs:20 security update

Bulletin has no description...

CVSS 7.7 | AI score 5.8 | EPSS 0.00605
Exploits: 0 | References: 24

OSV
added 2024/12/16 2:0 p.m. | 7 views

BIT-NODE-MIN-2023-30581

The use of `__proto__` in `process.mainModule.__proto__.require()` can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18, and v20. Please note that at the time...

CVSS 7.5 | AI score 7.2 | EPSS 0.00018
Exploits: 0 | References: 3

CNNVD
added 2024/10/30 12:0 a.m. | 1 views

Video Downloader security vulnerability

Video Downloader is a video downloading application. A security vulnerability exists in Video Downloader version 20-30.05.24. An attacker can exploit this vulnerability to execute arbitrary JavaScript code via the acr.browser.lightning.DefaultBrowserActivity component...

CVSS 8.1 | AI score 7.4 | EPSS 0.00307
Exploits: 0 | References: 1

OpenVAS
added 2024/07/26 12:0 a.m. | 78 views

Docker AuthZ Plugin Bypass Vulnerability (GHSA-v23v-6jw2-98fq)

Docker is prone to an AuthZ plugin bypass vulnerability...

CVSS 9.9 | AI score 7.3 | EPSS 0.03345
Exploits: 0 | References: 2

OpenVAS
added 2024/04/04 12:0 a.m. | 17 views

Node.js Multiple Vulnerabilities (Apr 2024) - Mac OS X

Node.js is prone to multiple vulnerabilities...

CVSS 8.2 | AI score 6.8 | EPSS 0.75933
Exploits: 1 | References: 7

OSV
added 2024/02/20 2:15 a.m. | 0 views

UBUNTU-CVE-2024-21891

Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwritten with user-defined implementations, leading to a filesystem permission model bypass through a path traversal attack. This vulnerability affects all users using the experiment...

CVSS 8.8 | AI score 6.9 | EPSS 0.00235
Exploits: 0 | References: 4

Positive Technologies
added 2023/06/26 12:0 a.m. | 5 views

PT-2023-9601 · Node.Js · Node.Js

Name of the Vulnerable Software and Affected Versions: Node.js version 20 Description: A vulnerability has been discovered in the experimental permission model of Node.js, specifically related to improper handling of Buffers in file system APIs, causing a traversal path to bypass when verifying...

CVSS 9.8 | AI score 7 | EPSS 0.00978
Exploits: 3 | References: 32

Hacker One
added 2023/06/25 6:54 p.m. | 46 views

Node.js: fs.mkdtemp() and fs.mkdtempSync() are missing getValidatedPath() checks.

A vulnerability was found in the fs.mkdtemp and fs.mkdtempSync functions in Node.js 20, which allowed malicious actors to bypass the permission model check and create arbitrary directories...

CVSS 5.3 | AI score 7 | EPSS 0.00063
Exploits: 0

OpenVAS
added 2021/11/11 12:0 a.m. | 15 views

Mozilla Firefox Security Advisory (MFSA2013-39) - Linux

This host is missing a security update for Mozilla Firefox...

CVSS 4.3 | AI score 6.4 | EPSS 0.00935
Exploits: 0 | References: 3

OpenVAS
added 2021/11/11 12:0 a.m. | 19 views

Mozilla Firefox Security Advisory (MFSA2013-40) - Linux

This host is missing a security update for Mozilla Firefox...

CVSS 5 | AI score 6.5 | EPSS 0.02678
Exploits: 0 | References: 3

RedHat Linux
added 2021/03/23 2:41 p.m. | 74 views

Moderate: Red Hat Security Advisory: Red Hat Certificate System security and bug fix update

An update for pki-console, pki-core, and redhat-pki-theme is now available for Red Hat Certificate System 9.4 EUS. Red Hat Certificate System 9.4 EUS is a special channel for the delivery of Red Hat Certificate System updates. Downgrading the installed packages is not supported. Red Hat Product...

CVSS 6.1 | AI score 6 | EPSS 0.0067
Exploits: 0 | References: 4

CNNVD
added 2021/01/28 12:0 a.m. | 2 views

DH2i DxEnterprise and DxOdyssey Path Traversal Vulnerability

DH2i DxEnterprise and DH2i DxOdyssey are both products of DH2i, Inc. DH2i DxEnterprise is a Docker-based application that provides container management, database management, and other functionality for a variety of platforms. DH2i DxOdyssey is VPN software for secure connectivity. A path traversa...

CVSS 7.5 | AI score 7.1 | EPSS 0.00643
Exploits: 0 | References: 2

Prion
added 2020/12/30 9:15 p.m. | 10 views

Remote code execution

JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x before 20.1, allows remote code execution...

CVSS 7.5 | AI score 9.7 | EPSS 0.01314
Exploits: 0 | References: 2 | Affected Software: 1

OPENSUSE Linux
added 2020/10/10 12:0 a.m. | 100 views

Security update for nextcloud (moderate)

openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2020:1652-1 Rating: moderate References: 1171572 1171579 1177346 Cross-References: CVE-2020-8154 CVE-2020-8155 CVE-2020-8183 CVE-2020-8228 CVE-2020-8233 Affected Products: openSUSE Leap 15.2 openSUSE Leap 15.1...

CVSS 9 | AI score 7.6 | EPSS 0.1519
Exploits: 3 | References: 3

ThreatPost
added 2012/06/27 3:34 p.m. | 35 views

Google Releases Chrome 20 With Fixes for 20 Security Vulnerabilities

Google has released version 20 of its Chrome browser, and has fixed a nice, symmetrical 20 flaws in the browser, including 13 high-risk bugs. Google also paid out $8,000 in rewards to researchers who reported bugs. A large number of the bugs fixed in Chrome 20 are use-after-free vulnerabilities i...

CVSS 9.3 | AI score 2.1 | EPSS 0.0188
Exploits: 1 | References: 21