4417 matches found
Oracle Linux 8 : nodejs:22 (ELSA-2025-4459)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-4459 advisory: Patch fix for sqlite CVE-2025-31498 (Resolves: RHEL-87300). Tenable has extracted the preceding description block directly from the Oracle Linux securit...
[SECURITY] Fedora 42 Update: nodejs-pnpm-10.9.0-1.fc42
A fast, disk space efficient package manager for NodeJS...
[SECURITY] Fedora 41 Update: nodejs-pnpm-10.9.0-1.fc41
A fast, disk space efficient package manager for NodeJS...
[SECURITY] Fedora 40 Update: nodejs-pnpm-10.9.0-1.fc40
A fast, disk space efficient package manager for NodeJS...
Fedora 41 : nodejs-bash-language-server / nodejs-pnpm (2025-d4cc30bdfb)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-d4cc30bdfb advisory. Update pnpm to version 10.9.0 to fix CVE-2024-47829 and nodejs-bash-language-server to version 5.6.0. Tenable has extracted the preceding description block...
Fedora 40 : nodejs-bash-language-server / nodejs-pnpm (2025-f68a9b835d)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-f68a9b835d advisory. Update pnpm to version 10.9.0 to fix CVE-2024-47829 and nodejs-bash-language-server to version 5.6.0. Tenable has extracted the preceding description block...
Debian: Security Advisory (DLA-4152-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 4152-1] nodejs security update
Debian LTS Advisory DLA-4152-1, https://www.debian.org/lts/security/, Bastien Roucariès, May 02, 2025, https://wiki.debian.org/LTS ...
UBUNTU-CVE-2025-47153
Certain build processes for libuv and Node.js for 32-bit systems, such as for the nodejs binary package through nodejs_20.19.0+dfsg-2_i386.deb for Debian GNU/Linux, have an inconsistent off_t size (e.g., building on i386 Debian always uses _FILE_OFFSET_BITS=64 for the libuv dynamic library, but uses the...
Ubuntu: Security Advisory (USN-7469-3)
The remote host is missing an update for the...
USN-7469-3 nodejs vulnerability
USN-7469-1 fixed a vulnerability in Apache Traffic Server. This update provides the corresponding updates for Node.js. Original advisory details: It was discovered that Apache Traffic Server exhibited poor server resource management in its HTTP/2 protocol. An attacker could possibly use this issu...
Medium: nodejs20
Issue Overview: c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if t...
CVE-2025-46328
CVE-2025-46328 affects the Snowflake Node.js driver. Versions 1.10.0 up to (but not including) 2.0.4 are vulnerable to a TOCTOU race in the Linux/macOS Easy Logging configuration check: the driver validates that the logging config file is writable only by the owner, but the check can be bypassed,...
CVE-2025-46328 NodeJS Driver for Snowflake has race condition when checking access to Easy Logging configuration file
snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions starting from 1.10.0 to before 2.0.4 are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configuration from a user-provided...
GHSA-WMJQ-JRM2-9WFR NodeJS Driver for Snowflake has race condition when checking access to Easy Logging configuration file
Issue: Snowflake discovered and remediated a vulnerability in the NodeJS Driver for Snowflake (“Driver”). When using the Easy Logging feature on Linux and macOS, the Driver didn’t correctly verify the permissions of the logging configuration file, potentially allowing an attacker with local access to...
NodeJS Driver for Snowflake has race condition when checking access to Easy Logging configuration file
Issue: Snowflake discovered and remediated a vulnerability in the NodeJS Driver for Snowflake (“Driver”). When using the Easy Logging feature on Linux and macOS, the Driver didn’t correctly verify the permissions of the logging configuration file, potentially allowing an attacker with local access to...
Snowflake snowflake-connector-nodejs security vulnerability
Snowflake snowflake-connector-nodejs is a Snowflake connector for Node.js from Snowflake, Inc. A security vulnerability exists in Snowflake snowflake-connector-nodejs versions prior to 1.10.0 through 2.0.4, which stems from a TOCTOU race condition that could result in log configuration bein...
PT-2025-18122 · Snowflake · Snowflake-Connector-Nodejs
Name of the Vulnerable Software and Affected Versions: snowflake-connector-nodejs versions 1.10.0 through 2.0.4. Description: The issue concerns a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the driver reads logging configuration from...
CVE-2025-27516 affecting package nodejs for versions less than 20.14.0-7
CVE-2025-27516 affecting package nodejs for versions less than 20.14.0-7. A patched version of the package is available...
Azure Linux 3.0 Security Update: nodejs / python-jinja2 (CVE-2020-28493)
The version of nodejs / python-jinja2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-28493 advisory: This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is...