Azure Linux 3.0 Security Update: nodejs (CVE-2024-21890)

The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21890 advisory. - The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the...

MiracleLinux 8 : nodejs:20 (AXSA:2024-7668:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7668:01 advisory. nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding Marvin CVE-2023-46809 nodejs: reading unprocessed HTTP...

Ubuntu: Security Advisory (USN-7801-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Linux Distros Unpatched Vulnerability : CVE-2025-21890

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: idpf: fix checksums set in idpfrxrsc idpfrxrsc uses skbtransportoffsetskb while the transpor...

TencentOS Server 3: nodejs:20 (TSSA-2024:0109)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0109 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Alibaba Cloud Linux 3 : 0247: nodejs:20 (ALINUX3-SA-2024:0247)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0247 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-39331: A previously disclosed...

CVE-2025-21890

In the Linux kernel, the following vulnerability has been resolved: idpf: fix checksums set in idpfrxrsc idpfrxrsc uses skbtransportoffsetskb while the transport header is not set yet. This triggers the following warning for CONFIGDEBUGNET=y builds. DEBUGNETWARNONONCE!skbtransportheaderwassetskb...

CVE-2025-21890

CVE-2025-21890 affects the Linux kernel (idpf driver). The root cause is in idpf_rx_rsc(): it uses skb_transport_offset(skb) before the transport header is set, causing incorrect checksums and triggering a CONFIG_DEBUG_NET warning. The issue has been fixed in the kernel with the referenced commit...

CVE-2025-21890 idpf: fix checksums set in idpf_rx_rsc()

In the Linux kernel, the following vulnerability has been resolved: idpf: fix checksums set in idpfrxrsc idpfrxrsc uses skbtransportoffsetskb while the transport header is not set yet. This triggers the following warning for CONFIGDEBUGNET=y builds. DEBUGNETWARNONONCE!skbtransportheaderwassetskb...

CVE-2025-21890 idpf: fix checksums set in idpf_rx_rsc()

In the Linux kernel, the following vulnerability has been resolved: idpf: fix checksums set in idpfrxrsc idpfrxrsc uses skbtransportoffsetskb while the transport header is not set yet. This triggers the following warning for CONFIGDEBUGNET=y builds. DEBUGNETWARNONONCE!skbtransportheaderwassetskb...

CVE-2024-21890 vulnerabilities

Vulnerabilities for packages: nodejs...

CVE-2024-21890 vulnerabilities

Vulnerabilities for packages: nodejs...

Linux Distros Unpatched Vulnerability : CVE-2024-21890

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example:...

Linux Distros Unpatched Vulnerability : CVE-2020-21890

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer Overflow vulnerability in cljmediasize function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or...

Photon OS 5.0: Nodejs PHSA-2024-5.0-0213

An update of the nodejs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-5.0-0213. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVE-2024-21890 affecting package nodejs for versions less than 20.14.0-1

CVE-2024-21890 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this issue...

K000139577: Node.js vulnerability CVE-2024-21890

Security Advisory Description The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/.pub will ignore pub and give access to everything after .ssh/. This misleading...

Rocky Linux 8 : nodejs:20 (RLSA-2024:1687)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1687 advisory. - The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For exampl...

AlmaLinux 8 : nodejs:20 (ALSA-2024:1687)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1687 advisory. nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding Marvin CVE-2023-46809 nodejs: reading unprocessed HTTP reques...

Important: Red Hat Security Advisory: nodejs:20 security update

An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...