Show filters
1,065 Total Results
Displaying 111-120 of 1,065
Sort by:
Attacker Value
Unknown
CVE-2023-32003
Disclosure Date: August 15, 2023 (last updated February 25, 2025)
`fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp() API and the impact is a malicious actor could create an arbitrary directory.
This vulnerability affects all users using the experimental permission model in Node.js 20.
Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
0
Attacker Value
Unknown
CVE-2021-29057
Disclosure Date: August 11, 2023 (last updated February 25, 2025)
An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool version 1.4.3, allows attackers to cause a denial of service.
0
Attacker Value
Unknown
CVE-2023-37920
Disclosure Date: July 25, 2023 (last updated February 25, 2025)
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store.
0
Attacker Value
Unknown
CVE-2023-2850
Disclosure Date: July 25, 2023 (last updated February 25, 2025)
NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker.
0
Attacker Value
Unknown
CVE-2023-26045
Disclosure Date: July 24, 2023 (last updated February 25, 2025)
NodeBB is Node.js based forum software. Starting in version 2.5.0 and prior to version 2.8.7, due to the use of the object destructuring assignment syntax in the user export code path, combined with a path traversal vulnerability, a specially crafted payload could invoke the user export logic to arbitrarily execute javascript files on the local disk. This issue is patched in version 2.8.7. As a workaround, site maintainers can cherry pick the fix into their codebase to patch the exploit.
0
Attacker Value
Unknown
CVE-2023-32257
Disclosure Date: July 24, 2023 (last updated February 25, 2025)
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP and SMB2_LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.
0
Attacker Value
Unknown
CVE-2023-38432
Disclosure Date: July 18, 2023 (last updated February 25, 2025)
An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, leading to an out-of-bounds read.
0
Attacker Value
Unknown
CVE-2023-38431
Disclosure Date: July 18, 2023 (last updated February 25, 2025)
An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read.
0
Attacker Value
Unknown
CVE-2023-38430
Disclosure Date: July 18, 2023 (last updated February 25, 2025)
An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.
0
Attacker Value
Unknown
CVE-2023-38428
Disclosure Date: July 18, 2023 (last updated February 25, 2025)
An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read.
0