331 matches found
Security Bulletin: Security Vulnerabilities in node.js packages affect IBM Voice Gateway
Summary: Security vulnerabilities in node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2025-7783. DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is...
Linux Distros Unpatched Vulnerability : CVE-2015-8858
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a regular...
Linux Distros Unpatched Vulnerability : CVE-2016-2216
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remo...
Linux Distros Unpatched Vulnerability : CVE-2018-7159
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as...
Linux Distros Unpatched Vulnerability : CVE-2020-24660
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by...
Linux Distros Unpatched Vulnerability : CVE-2025-23165
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uv_fs_s.file: a UTF-16 path buffer is allocated but subsequently...
Linux Distros Unpatched Vulnerability : CVE-2021-44532
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against...
Linux Distros Unpatched Vulnerability : CVE-2021-22939
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If the Node.js https API was used incorrectly and undefined was passed in for the rejectUnauthorized parameter, no error was returned and connections to servers...
Linux Distros Unpatched Vulnerability : CVE-2018-7167
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Calling Buffer.fill or Buffer.alloc with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, t...
Linux Distros Unpatched Vulnerability : CVE-2018-21270
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number...
Linux Distros Unpatched Vulnerability : CVE-2024-21896
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The permission model protects itself against path traversal attacks by calling path.resolve on any paths given by the user. If the path is to be treated as a...
MAL-2025-32926 Malicious code in selper (npm)
The package selper was found to contain malicious code...
MAL-2025-38466 Malicious code in vista-4gera-l3bm1-essence-project (npm)
The package vista-4gera-l3bm1-essence-project was found to contain malicious code...
MAL-2025-27679 Malicious code in nodejs-development-writable-celeste (npm)
The package nodejs-development-writable-celeste was found to contain malicious code...
MAL-2025-15661 Malicious code in biclique (npm)
The package biclique was found to contain malicious code...
MAL-2025-27668 Malicious code in node.js (npm)
The package node.js was found to contain malicious code...
MAL-2025-8565 Malicious code in @malware-test-coins-guess-felly-nerks/test-mlw3-coins-guess-felly-nerks (npm)
The package @malware-test-coins-guess-felly-nerks/test-mlw3-coins-guess-felly-nerks was found to contain malicious code...
SUSE CVE-2025-54798
tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4...
Linux Distros Unpatched Vulnerability : CVE-2025-7339
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may result in response headers being...
tmp security vulnerability
tmp is a temporary file and directory creator for node.js by the individual developer KARASZI István. A security vulnerability exists in tmp 0.2.3 and earlier versions, which stems from a symbolic link parameter that could lead to arbitrary temporary file or directory writes...