62 matches found
MiracleLinux 9 : nodejs-16.20.2-1.el9 (AXSA:2023-6490:04)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6490:04 advisory. nodejs: Permissions policies can be bypassed via Module.load CVE-2023-32002 nodejs: Permissions policies can impersonate other modules in using...
RLSA-2023:5360 Important: nodejs:16 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16. BZ2233891 Security Fixes: nodejs: Permissions policies can be bypassed via...
Ubuntu: Security Advisory (USN-6822-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6822-1: Node.js vulnerabilities
It was discovered that Node.js incorrectly handled certain inputs when it is using the policy mechanism. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass the policy mechanism. CVE-2023-32002,...
openSUSE: Security Advisory for nodejs14 (SUSE-SU-2023:3408-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for nodejs16 (SUSE-SU-2023:3379-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 5589-1] nodejs security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5589-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 27, 2023 https://www.debian.org/security/faq -...
Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js (CVE-2023-32559)
Summary This security vulnerability affects a required node.js module within IBM Event Streams UI component. CVE-2023-32559 Vulnerability Details CVEID:CVE-2023-32559 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by the use of the deprecated API...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to security restrictions bypass
Summary Node.js is used by IBM App Connect Enterprise Certified Container for running integration code. IBM App Connect Enterprise Certified Container operands are vulnerable to security restrictions bypass. This bulletin provides patch information to address the reported vulnerability in Node.js...
RLSA-2023:5532 Important: nodejs security and bug fix update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Permissions policies can be bypassed via Module.load CVE-2023-32002 nodejs: Permissions policies can impersonate other modules in using...
Rocky Linux 9 : nodejs (RLSA-2023:5532)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5532 advisory. - The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerabilit...
Oracle Linux 9 : nodejs (ELSA-2023-5532)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-5532 advisory. 1:16.20.2-1 - Update to 16.20.2-1 Resolves CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 Tenable has extracted the preceding description block directly...
nodejs security and bug fix update
1:16.20.2-1 - Update to 16.20.2-1 Resolves CVE-2023-32002 CVE-2023-32006 CVE-2023-32559...
AlmaLinux 9 : nodejs (ALSA-2023:5532)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5532 advisory. - The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability...
Important: Red Hat Security Advisory: nodejs security, bug fix, and enhancement update
An update for nodejs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
RHEL 9 : nodejs (RHSA-2023:5532)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5532 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
ALSA-2023:5532 Important: nodejs security and bug fix update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Permissions policies can be bypassed via Module.load CVE-2023-32002 nodejs: Permissions policies can impersonate other modules in using...
Important: nodejs security and bug fix update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Permissions policies can be bypassed via Module.load CVE-2023-32002 nodejs: Permissions policies can impersonate other modules in using...
Rocky Linux 9 : nodejs:18 (RLSA-2023:5363)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5363 advisory. - Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service ReDoS via the function new Range, when untrusted us...
nodejs:18 security, bug fix, and enhancement update
nodejs 1:18.17.1-1 - Rebase to version 18.17.1 Resolves: rhbz2228940 Resolves: CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 - Specify proper OpenSSL configuration section build Related: rhbz2226726 nodejs-nodemon 3.0.1-1 - Rebase to 3.0.1 - Resolves: CVE-2022-25883 nodejs-packaging...