Search CVE reports
221 – 230 of 19515 results
CVE-2024-42934
Low priority
Missing check on the authorization type on incoming LAN messages
1 affected package
openipmi
Package | 24.04 LTS |
---|---|
openipmi | Needs evaluation |
CVE-2024-36138
Medium priority
Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject...
1 affected package
nodejs
Package | 24.04 LTS |
---|---|
nodejs | Needs evaluation |
CVE-2024-36137
Medium priority
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors, however, operations such as...
1 affected package
nodejs
Package | 24.04 LTS |
---|---|
nodejs | Needs evaluation |
CVE-2023-46809
Medium priority
Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PKCS #1...
1 affected package
nodejs
Package | 24.04 LTS |
---|---|
nodejs | Needs evaluation |
CVE-2023-39333
Medium priority
Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if...
1 affected package
nodejs
Package | 24.04 LTS |
---|---|
nodejs | Needs evaluation |
CVE-2023-30587
Medium priority
A vulnerability in Node.js version 20 allows for bypassing restrictions set by the --experimental-permission flag using the built-in inspector module (node:inspector). By exploiting the Worker class's ability to create an...
1 affected package
nodejs
Package | 24.04 LTS |
---|---|
nodejs | Not affected |
CVE-2023-30584
Medium priority
A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of path traversal bypass when verifying file permissions. Please note that at...
1 affected package
nodejs
Package | 24.04 LTS |
---|---|
nodejs | Not affected |
CVE-2023-30583
Medium priority
fs.openAsBlob() can bypass the experimental permission model when using the file system read restriction with the `--allow-fs-read` flag in Node.js 20. This flaw arises from a missing check in the `fs.openAsBlob()` API. Please...
1 affected package
nodejs
Package | 24.04 LTS |
---|---|
nodejs | Not affected |
CVE-2023-30582
Medium priority
A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that...
1 affected package
nodejs
Package | 24.04 LTS |
---|---|
nodejs | Not affected |
CVE-2024-34158
Medium priority
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
14 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
Package | 24.04 LTS |
---|---|
golang | Not in release |
golang-1.10 | Not in release |
golang-1.13 | Not in release |
golang-1.14 | Not in release |
golang-1.16 | Not in release |
golang-1.17 | Not in release |
golang-1.18 | Not in release |
golang-1.19 | Not in release |
golang-1.20 | Not in release |
golang-1.21 | Needs evaluation |
golang-1.22 | Needs evaluation |
golang-1.6 | Not in release |
golang-1.8 | Not in release |
golang-1.9 | Not in release |