RLSA-2023:7205 Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 nodejs: permission model improperly...

The vulnerability of the WebAssembly module of the Node.js software platform, allowing a hacker to execute arbitrary commands

The vulnerability of the WebAssembly module in the Node.js software platform is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

WebAssembly Micro Runtime Security Vulnerability

WebAssembly Micro Runtime WAMR is a lightweight, standalone WebAssembly runtime open-sourced by the Bytecode Alliance. With a small footprint, high performance, and highly configurable features for applications ranging from embedded, IoT, and edge to Trusted Execution Environments TEEs, smart...

nodejs: code injection via WebAssembly export names

Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module...

Important: Red Hat Security Advisory: nodejs:20 security update

An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

ALSA-2023:7205 Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 nodejs: permission model improperly...

Fedora 39 : nodejs20 (2023-7b52921cae)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-7b52921cae advisory. 2023-10-13, Version 20.8.1 Current, @RafaelGSS This is a security release. Notable Changes The following CVEs are fixed in this release:...

Fedora 39 : nodejs18 (2023-dbe64661af)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-dbe64661af advisory. 2023-10-13, Version 18.18.2 'Hydrogen' LTS, @RafaelGSS This is a security release. Notable Changes The following CVEs are fixed in this release:...

Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2023-412)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-412 advisory. When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy...

Important: nodejs

Issue Overview: When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability...

SUSE SLES15 Security Update : nodejs18 (SUSE-SU-2023:4207-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4207-1 advisory. - Update to version 18.18.2 - CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. bsc1216190 - CVE-2023-45143: Fixed a cookie...

iLeakage: New Safari Exploit Impacts Apple iPhones and Macs with A- and M-Series CPUs

A group of academics has devised a novel side-channel attack dubbed iLeakage that exploits a weakness in the A- and M-series CPUs running on Apple iOS, iPadOS, and macOS devices, enabling the extraction of sensitive information from the Safari web browser. "An attacker can induce Safari to render...

Fedora 38 : nodejs20 (2023-4d2fd884ea)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-4d2fd884ea advisory. 2023-10-13, Version 20.8.1 Current, @RafaelGSS This is a security release. Notable Changes The following CVEs are fixed in this release:...

Fedora 37 : nodejs18 (2023-e9c04d81c1)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-e9c04d81c1 advisory. 2023-10-13, Version 18.18.2 'Hydrogen' LTS, @RafaelGSS This is a security release. Notable Changes The following CVEs are fixed in this release:...

Fedora 37 : nodejs20 (2023-f66fc0f62a)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-f66fc0f62a advisory. 2023-10-13, Version 20.8.1 Current, @RafaelGSS This is a security release. Notable Changes The following CVEs are fixed in this release:...

Fedora 38 : nodejs18 (2023-d5030c983c)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-d5030c983c advisory. 2023-10-13, Version 18.18.2 'Hydrogen' LTS, @RafaelGSS This is a security release. Notable Changes The following CVEs are fixed in this release:...

CVE-2023-46331

WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegment::IsValidRange, which lead to segmentation fault...

PYSEC-2023-319

WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegment::IsValidRange, which lead to segmentation fault...

CVE-2023-46331

WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegment::IsValidRange, which lead to segmentation fault...

DEBIAN-CVE-2023-46331

WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegment::IsValidRange, which lead to segmentation fault...