Ubuntu: Security Advisory (USN-6491-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
nodejs: path traversal through path stored in Uint8Array
Various node:fs functions allow specifying paths as either strings or Uint8Array objects. In Node.js environments, the Buffer class extends the Uint8Array class. Node.js prevents path traversal through strings (see CVE-2023-30584) and Buffer objects (see CVE-2023-32004), but not through non-Buffer...
nodejs: permission model improperly protects against path traversal
A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations...
nodejs: integrity checks according to policies can be circumvented
When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check...
Important: Red Hat Security Advisory: nodejs:20 security update
An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487); nodejs: permission model improperly...
Malicious code in resume-sourcing-nodejs-client-credentials (npm)
Source: ghsa-malware (63bf870804a0bc378ff856c7e19723430ff40b603bebd5c485f101b20ae69e12). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Rocky Linux 8 : nodejs:10 (RLSA-2020:2848)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:2848 advisory. - In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a...
Rocky Linux 8 : nodejs:12 (RLSA-2020:1293)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2020:1293 advisory. - An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exist...
Rocky Linux 8 : nodejs:10 (RLSA-2020:1317)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2020:1317 advisory. - An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exist...
Rocky Linux 8 : nodejs:16 (RLSA-2023:4034)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:4034 advisory. - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen...
Rocky Linux 9 : nodejs:18 (RLSA-2022:8832)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8832 advisory. - A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand functio...
Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2023-412)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-412 advisory. When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy...
Malicious code in ironfish-rust-nodejs (npm)
Source: ghsa-malware (7c72ce118b54d6f7c389cffe8b206419fdb96d698e61557ce25e5240a5ca6c38). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8419 Malicious code in ironfish-rust-nodejs (npm)
Source: ghsa-malware (7c72ce118b54d6f7c389cffe8b206419fdb96d698e61557ce25e5240a5ca6c38). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Ubuntu: Security Advisory (USN-6457-1)
The remote host is missing an update for the...
Mailchecker - Cross-language Temporary (Disposable/Throwaway) Email Detection Library. Covers 55 734+ Fake Email Providers
Cross-language email validation. Backed by a database of over 55 000 throwable email domains. Validate the format of your email (uses validator.js email regex underneath and FILTER_VALIDATE_EMAIL for PHP). Validate if the email is not a temporary mail (yopmail-like..., add your own dataset to list.txt)...
Tenable Identity Exposure < 3.42.17 Multiple Vulnerabilities (TNS-2023-33)
According to its self-reported version, the Tenable Identity Exposure running on the remote host is prior to 3.42.17. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-33 advisory. Tenable Identity Exposure leverages third-party software to help provide underlyi...
SUSE-SU-2023:4207-1 Security update for nodejs18
This update for nodejs18 fixes the following issues: - Update to version 18.18.2 - CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190) - CVE-2023-45143: Fixed a cookie leakage in undici. (bsc#1216205) - CVE-2023-38552: Fixed an integrity checks according to policies that could be...
Rocky Linux 9 : nodejs (RLSA-2023:5765)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:5765 advisory. - The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wil...