4420 matches found
Ateme TITAN File 3.9 - SSRF File Enumeration
Exploit Title: Ateme TITAN File 3.9 - SSRF File Enumeration; Exploit Author: LiquidWorm; Vendor: Ateme; Product web page: https://www.ateme.com; Affected version: 3.9.12.4, 3.9.11.0, 3.9.9.2, 3.9.8.0; Summary: TITAN File is a multi-codec/format video transcoding software, for mezzanine, STB and ABR VOD,...
Mageia: Security Advisory (MGASA-2023-0226)
The remote host is missing an update for the...
Memory Leak
inflight is vulnerable to a Memory Leak. The vulnerability is due to lack of restrictions on how many callbacks the library can concurrently support, which can result in a NodeJS out of heap memory crash...
PT-2023-3541
Name of the Vulnerable Software and Affected Versions: vm2 versions prior to 3.10.0. Description: vm2 is an advanced sandbox for Node.js. A flaw in the sanitization of the Promise handler allows the @@species accessor property to be bypassed. This enables attackers who already have arbitrary code...
Critical Photon OS Security Update - PHSA-2023-3.0-0606
Updates of 'linux-aws', 'linux-rt', 'linux-esx', 'nodejs', 'linux-secure', 'nginx-ingress', 'ntp', 'kube-bench', 'linux', 'nxtgn-openssl' packages of Photon OS have been released...
GHSA-72XF-G2V4-QVF3 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2023-26136 vulnerabilities
Vulnerabilities for packages: nodejs...
GHSA-CGGH-PQ45-6H9X vulnerabilities
Vulnerabilities for packages: nodejs...
AZL-27279 CVE-2023-30589 affecting package nodejs18 for versions less than 18.17.1-2
The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...
CVE-2023-30589 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2023-30586 vulnerabilities
Vulnerabilities for packages: nodejs...
Node.js Security Vulnerability
Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js that stems from loading an arbitrary OpenSSL engine when enabling an experimental privilege model, which can bypass and/or disable the privilege model...
Critical Photon OS Security Update - PHSA-2023-4.0-0417
Updates of 'binutils-aarch64-linux-gnu', 'nodejs', 'docker-compose', 'ntp', 'samba-client', 'kube-bench', 'protobuf', 'libtiff', 'bindutils', 'binutils', 'libXi', 'libarchive' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2023-5.0-0041
Updates of 'dnsmasq', 'telegraf', 'nodejs', 'openssl' packages of Photon OS have been released...
SUSE-SU-2023:2663-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: Update to version 16.20.1: - CVE-2023-30581: Fixed mainModule.__proto__ Bypass Experimental Policy Mechanism (bsc#1212574). - CVE-2023-30585: Fixed privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process...
SUSE-SU-2023:2662-1 Security update for nodejs18
This update for nodejs18 fixes the following issues: Update to version 18.16.1: - CVE-2023-30581: Fixed mainModule.__proto__ Bypass Experimental Policy Mechanism (bsc#1212574). - CVE-2023-30585: Fixed privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process...
Internet Bug Bounty: DiffieHellman doesn't generate keys after setting a key
A security vulnerability was discovered in the DiffieHellman module of Node.js. The module did not generate new keys after setting a private key, potentially leading to the reuse of nonces and compromising security measures such as forward secrecy and IND-CPA...
nodejs:18 security update
An update is available for module.nodejs-packaging, nodejs-packaging. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Node.js is a software development platform...