86 matches found
MiracleLinux 8 : nodejs:18 (AXSA:2022-4553:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4553:01 advisory. nodejs-minimatch: ReDoS via the braceExpand function CVE-2022-3517 nodejs: DNS rebinding in inspect via invalid octal IP address CVE-2022-43548...
MiracleLinux 9 : nodejs:18 (AXSA:2023-4944:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4944:01 advisory. nodejs-minimatch: ReDoS via the braceExpand function CVE-2022-3517 nodejs: DNS rebinding in inspect via invalid octal IP address CVE-2022-43548...
openSUSE: Security Advisory for nodejs18 (SUSE-SU-2023:0419-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-6491-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS : Node.js vulnerabilities (USN-6491-1)
The remote Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6491-1 advisory. Axel Chong discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening...
Rocky Linux 9 : nodejs:18 (RLSA-2022:8832)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8832 advisory. - A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service ReDoS when calling the braceExpand functio...
Rocky Linux 9 : nodejs and nodejs-nodemon (RLSA-2023:0321)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0321 advisory. - Minimist =1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey lines 69-95. CVE-2021-44906 - A vulnerability was found in the...
Vulnerabilities fixed in Oracle JD Edwards
Vulnerabilities have been fixed in Oracle JD Edwards products. A malicious party could exploit the vulnerabilities to gain access to sensitive data, or to execute arbitrary code with permissions of the application. Oracle has fixed the vulnerabilities in the following products: - JD Edwards...
Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in Node.js (CVE-2022-43548, CVE-2020-7676, CVE-2021-42550, CVE-2021-38561, CVE-2022-32149)
Summary IBM Planning Analytics Workspace is affected by vulnerabilities. Node.js is an open-source and cross-platform JavaScript runtime environment CVE-2023-23918, CVE-2023-23920, CVE-2023-24807, CVE-2023-23936, CVE-2023-23919. Node.js has been upgraded in IBM Planning Analytics Workspace to...
Security Bulletin: IBM Db2® Graph is vulnerable to remote execution of arbitrary commands due to Node.js CVE-2022-43548
Summary Node.js open source library used by IBM Db2® Graph is affected by vulnerability CVE-2022-43548. The fix updates Node.js to 18.12.1 Vulnerability Details CVEID:CVE-2022-43548 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary commands on the system, caused by an...
K000133494: Node.js vulnerability CVE-2022-43548
Security Advisory Description A OS Command Injection vulnerability exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests...
Important: Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update
An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
RHEL 8 : nodejs:14 (RHSA-2023:1533)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1533 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Important: Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update
An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
CBL Mariner 2.0 Security Update: nodejs (CVE-2022-43548)
The version of nodejs installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-43548 advisory. - A OS Command Injection vulnerability exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1 due to an...
Security fix for the ALT Linux 10 package node version 16.18.1-alt1
16.18.1-alt1 built March 18, 2023 Andrey Cherepanov in task 310327 Nov. 23, 2022 Vitaly Lipatov - new version 16.18.1 with rpmrb script - CVE-2022-43548: DNS rebinding in --inspect via invalid octal IP address Medium...
Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilties (CVE-2022-43548, CVE-2020-7676, CVE-2021-42550, CVE-2021-38561, CVE-2022-32149)
Summary IBM Planning Analytics Workspace is affected by vulnerabilities. Node.js is an open-source and cross-platform JavaScript runtime environment CVE-2022-43548. Angular is a JavaScript framework that extends HTML CVE-2020-7676. Logback is a logging library for Java CVE-2021-42550. Golang Go...
[SECURITY] [DLA 3344-1] nodejs security update
Debian LTS Advisory DLA-3344-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin February 26, 2023 https://wiki.debian.org/LTS Package : nodejs Version : 10.24.0dfsg-1deb10u3 CVE ID : CVE-2022-43548 CVE-2023-23920 Debian Bug : 1023518 1031834 Vulnerabilities have bee...
Debian dla-3344 : libnode-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3344 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3344-1 [email protected]...
SUSE: Security Advisory (SUSE-SU-2023:0419-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...