CVE-2024-22017

HIGH Year: 2024
CVSS v3 Score
7.3
High
Weakness Type
CWE-250
View all →

Vulnerability Description

setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.

Related Vulnerabilities

CVE-2019-16767

HIGH
CVSS:7.2(High)

The admin sys mode is now conditional and dedicated for the special case. By default, since [email protected] no instance (container) is launched with advanced capabilities (not launched as root)

CWE-2502019

CVE-2024-21184

HIGH
CVSS:7.2(High)

Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. Supported versions that are affected are 19.3-19.23. Easily exploitable vulnerability allows high privileged at...

CWE-2502024

CVE-2024-35154

HIGH
CVSS:7.2(High)

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted in...

CWE-2502024

CVE-2025-23008

HIGH
CVSS:7.2(High)

An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low privileged attacker to modify configurations.

CWE-2502025

CVE-2025-23009

HIGH
CVSS:7.2(High)

A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary file deletion.

CWE-2502025

CVE-2024-27147

HIGH
CVSS:7.4(High)

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the refere...

CWE-2502024