54 matches found
MiracleLinux 8 : nodejs:18 (AXSA:2023-6339:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6339:01 advisory. nodejs: mainModule.proto bypass experimental policy mechanism CVE-2023-30581 nodejs: process interuption due to invalid Public Key information in x5...
MiracleLinux 9 : nodejs-16.20.1-1.el9 (AXSA:2023-6283:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6283:02 advisory. nodejs: mainModule.proto bypass experimental policy mechanism CVE-2023-30581 nodejs: process interuption due to invalid Public Key information in x5...
Linux Distros Unpatched Vulnerability : CVE-2023-30590
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none...
Ubuntu: Security Advisory (USN-6735-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : Node.js vulnerabilities (USN-6735-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6735-1 advisory. It was discovered that Node.js incorrectly handled the use of invalid public keys while creating ...
[SECURITY] [DLA 3776-1] nodejs security update
Debian LTS Advisory DLA-3776-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin March 26, 2024 https://wiki.debian.org/LTS Package : nodejs Version : 10.24.0dfsg-1deb10u4 CVE ID : CVE-2023-30590 CVE-2023-46809 CVE-2024-22025 Debian Bug : 1039990 1064055...
Debian dla-3776 : libnode-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3776 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3776-1 [email protected]...
openSUSE: Security Advisory for nodejs14 (SUSE-SU-2023:3408-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS 9 : nodejs-16.20.1-1.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the nodejs-16.20.1-1.el9 build changelog. - The use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json...
[SECURITY] [DSA 5589-1] nodejs security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5589-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 27, 2023 https://www.debian.org/security/faq -...
CVE-2023-30590 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2023-30590 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2023-30590
The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey. However, the...
CVE-2023-30590
The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey. However, the...
CVE-2023-30590
The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey. However, the...
CVE-2023-30590
The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey. However, the...
CVE-2023-30590
CVE-2023-30590 concerns Node.js: the generateKeys() API of crypto.createDiffieHellman() only generates a private key when none is set, yet docs claim it generates both private and public DH keys. Multiple advisories (Debian DLA/DSA, Gentoo GLSA, AlmaLinux errata) reference this vulnerability and ...
Security Bulletin: IBM DataPower Gateway vulnerable to multiple issues in Node.js
Summary IBM has addressed the following CVEs that could affect the API Gateway Director, and in version 10.5. only the New UI Vulnerability Details CVEID:CVE-2023-30588 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by invalid public key information in x509 certificates. By...
Important: Red Hat Security Advisory: nodejs security, bug fix, and enhancement update
An update for nodejs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
RLSA-2023:4536 Moderate: nodejs:18 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs 18.16.1. BZ2223630, BZ2223631, BZ2223632, BZ2223633, BZ2223635, BZ2223642 Security Fixes: nodejs...