RHEL 9 : nodejs:20 (RHSA-2024:1688)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1688 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

RLSA-2024:1503 Important: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: code injection and privilege escalation through Linux capabilities CVE-2024-21892 nodejs: reading unprocessed HTTP request with unbounded...

nodejs:18 security update

An update is available for nodejs-nodemon, module.nodejs, nodejs, module.nodejs-nodemon, module.nodejs-packaging, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

nodejs: code injection and privilege escalation through Linux capabilities

A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAPNETBINDSERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this...

Important: Red Hat Security Advisory: nodejs:18 security update

An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks CVE-2024-22019 nodejs: vulnerable to timing variant of...

Important: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: code injection and privilege escalation through Linux capabilities CVE-2024-21892 nodejs: reading unprocessed HTTP request with unbounded...

SUSE SLES15 Security Update : nodejs14 (SUSE-SU-2024:0732-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0732-1 advisory. - A vulnerability in the privateDecrypt API of the crypto library, allowed a covert timing side-channel during PKCS1 v1.5 padding...

Updated nodejs yarnpkg packages fix security vulnerabilities

This is a security release. The following CVEs are fixed in this release: CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- High CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- High CVE-2023-46809 -...

Node.js 18.x < 18.19.1 Multiple Vulnerabilities - Mac OS X

Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...

Wednesday February 14 2024 Security Releases

Wednesday February 14 2024 Security Releases Update 14-February-2024 Security releases available Updates are now available for the v18.x, v20.x and v21.x Node.js release lines for the following issues. This security release includes the following dependency updates to address public...

Medium: containerd

Issue Overview: A flaw was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when...

Node.js: Code injection and privilege escalation through Linux capabilities

A vulnerability was found in Node.js on Linux where it incorrectly applied an exception for the CAPNETBINDSERVICE capability even when other capabilities were set. This allowed unprivileged users to inject code that inherited elevated privileges of the process...

[SECURITY] [DLA 3369-1] runc security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3369-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler March 27, 2023 https://wiki.debian.org/LTS -...

runc: incorrect handling of inheritable capabilities

A flaw was found in runc, where runc exec --cap executed processes with non-empty inheritable Linux process capabilities. This issue creates an atypical Linux environment and enables programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve2...

SUSE-SU-2022:2341-1 Security update for containerd, docker and runc

This update for containerd, docker and runc fixes the following issues: containerd: - CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API bsc1200145 docker: - Update to Docker 20.10.17-ce. See upstream changelog online at https://docs.docker.com/engine/release-notes/201017...

OESA-2022-1726 docker security update

Docker is an open source project to build, ship and run any application as a lightweight container. Security Fixes: Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby Docker Engine prior to version 20.10.14 where containers...

buildah: Default inheritable capabilities for linux container should be empty

A flaw was found in buildah, where containers were incorrectly started with non-empty default permissions. A bug was found in Moby Docker Engine where containers were incorrectly started with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs wi...

UBUNTU-CVE-2022-29162

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where runc exec --cap created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling...

podman: Default inheritable capabilities for linux container should be empty

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to...