Lucene search
+L

105 matches found

RedHat Linux
RedHat Linux
added 2023/03/30 1:6 p.m.41 views

Important: Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.8CVSS7.2AI score0.24928EPSS
Exploits8References14
OpenVAS
OpenVAS
added 2023/03/28 12:0 a.m.28 views

SUSE: Security Advisory (SUSE-SU-2023:0674-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.02023EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2023/03/28 12:0 a.m.25 views

Mageia: Security Advisory (MGASA-2023-0078)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.6AI score0.02023EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/03/28 12:0 a.m.39 views

CBL Mariner 2.0 Security Update: nodejs (CVE-2023-23918)

The version of nodejs installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-23918 advisory. - A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it...

7.5CVSS7.1AI score0.02023EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2023/03/24 11:56 p.m.20 views

CVE-2023-23918 affecting package nodejs for versions less than 16.19.1-1

CVE-2023-23918 affecting package nodejs for versions less than 16.19.1-1. An upgraded version of the package is available that resolves this issue...

7.5CVSS8AI score0.02023EPSS
Exploits0
ALT Linux
ALT Linux
added 2023/03/22 12:0 a.m.75 views

Security fix for the ALT Linux 10 package node version 16.19.1-alt1

16.19.1-alt1 built March 22, 2023 Andrey Cherepanov in task 316988 March 13, 2023 Vitaly Lipatov - new version 16.19.1 with rpmrb script - CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule High - CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs...

6.9AI score0.02209EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/15 5:24 p.m.52 views

Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.10 and earlier

Summary This fix upgrades to nodejs 14.21.3. Vulnerability Details CVEID:CVE-2023-23918 DESCRIPTION: Node.js could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when enable the experimental permissions option with --experimental-policy. By sending a...

7.5CVSS6.8AI score0.02209EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/03/14 12:0 a.m.37 views

SUSE SLES12 Security Update : nodejs18 (SUSE-SU-2023:0715-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0715-1 advisory. Update to NodeJS 18.14.2 LTS: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule...

7.5CVSS6.8AI score0.02209EPSS
Exploits2References16
OSV
OSV
added 2023/03/13 9:58 a.m.7 views

SUSE-SU-2023:0715-1 Security update for nodejs18

This update for nodejs18 fixes the following issues: Update to NodeJS 18.14.2 LTS: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule bsc1208481. - CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library bsc1208483. -...

7.5CVSS6.3AI score0.02209EPSS
Exploits2References11
Tenable Nessus
Tenable Nessus
added 2023/03/10 12:0 a.m.42 views

SUSE SLES15 / openSUSE 15 Security Update : nodejs14 (SUSE-SU-2023:0674-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0674-1 advisory. Update to 14.21.3: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule...

7.5CVSS6.8AI score0.02023EPSS
Exploits0References7
OSV
OSV
added 2023/03/08 1:28 p.m.11 views

SUSE-SU-2023:0673-1 Security update for nodejs16

This update for nodejs16 fixes the following issues: Update to LTS version 16.19.1: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule bsc1208481. - CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library bsc1208483. -...

7.5CVSS6.3AI score0.02209EPSS
Exploits2References12
OSV
OSV
added 2023/03/03 11:2 a.m.10 views

SUSE-SU-2023:0607-1 Security update for nodejs14

This update for nodejs14 fixes the following issues: Update to 14.21.3: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule bsc1208481. - CVE-2023-23920: Fixed insecure loading of ICU data through ICUDATA environment bsc1208487...

7.5CVSS6.1AI score0.02023EPSS
Exploits0References5
OSV
OSV
added 2023/03/01 9:14 p.m.12 views

MGASA-2023-0078 Updated nodejs packages fix security vulnerability

The following CVEs are fixed in this release: CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule High CVE-2023-23920: Node.js insecure loading of ICU data through ICUDATA environment variable Low More detailed information on each of the vulnerabilities can be foun...

7.5CVSS6.2AI score0.02023EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2023/02/27 12:0 a.m.23 views

Node.js 14.x < 14.21.3, 16.x < 16.19.1, 18.x < 18.14.1, 19.x < 19.6.1 Multiple Vulnerabilities - Mac OS X

Node.js is prone to multiple vulnerabilities. Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS6.6AI score0.02023EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2023/02/27 12:0 a.m.22 views

Node.js 14.x < 14.21.3, 16.x < 16.19.1, 18.x < 18.14.1, 19.x < 19.6.1 Multiple Vulnerabilities - Windows

Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...

7.5CVSS6.8AI score0.02023EPSS
Exploits0References1
Circl
Circl
added 2023/02/23 10:18 p.m.4 views

CVE-2023-23918

creationtimestamp| type| source ---|---|--- 2023-02-23 22:18:34+00:00| seen| https://t.me/cibsecurity/58811...

7.5CVSS7AI score0.02023EPSS
Exploits0References1
CVE
CVE
added 2023/02/23 12:0 a.m.431 views

CVE-2023-23918

CVE-2023-23918 affects Node.js runtimes prior to certain fixed releases (examples from connected docs include Node.js 14.21.3, 16.19.1, 18.14.2; some entries reference 18.19.x as fixed). The vulnerability allows bypassing the experimental Permissions feature when enabled with --experimental-polic...

7.5CVSS8AI score0.02023EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2023/02/23 12:0 a.m.71 views

CVE-2023-23918

A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions https://nodejs.org/api/permissions.html feature in Node.js and access non authorized modules by using process.mainModule.require. This only...

7.5CVSS8.3AI score0.02023EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/02/23 12:0 a.m.6 views

CVE-2023-23918

A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions https://nodejs.org/api/permissions.html feature in Node.js and access non authorized modules by using process.mainModule.require. This only...

7.2AI score0.02023EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2023/02/20 10:29 p.m.44 views

CVE-2023-23918

A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions https://nodejs.org/api/permissions.html feature in Node.js and access non authorized modules by using process.mainModule.require. This only...

7.5CVSS7.7AI score0.02023EPSS
Exploits0References3
Rows per page
Query Builder