Lucene search
+L

52 matches found

nessus
nessus
added 2025/06/16 12:0 a.m.6 views

TencentOS Server 3: nodejs (TSSA-2022:0014)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0014 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

9.8CVSS8.1AI score0.04579EPSS
Exploits6References10
nessus
nessus
added 2025/05/14 12:0 a.m.6 views

Alibaba Cloud Linux 3 : 0014: nodejs:14 (ALINUX3-SA-2022:0014)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0014 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-28469: This affects the package...

9.8CVSS8.1AI score0.04579EPSS
Exploits6References10
nessus
nessus
added 2024/12/11 12:0 a.m.15 views

Amazon Linux 2022 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2022-2022-013)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-013 advisory. An HTTP Request Smuggling HRS vulnerability was found in the llhttp library, used by Node.JS. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations a...

6.5CVSS7.2AI score0.02936EPSS
Exploits2References5
nessus
nessus
added 2024/02/29 12:0 a.m.21 views

CentOS 9 : nodejs-16.16.0-1.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the nodejs-16.16.0-1.el9 build changelog. - Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs...

9.8CVSS7.1AI score0.81464EPSS
Exploits13References19
nessus
nessus
added 2023/11/07 12:0 a.m.29 views

Rocky Linux 8 : nodejs:14 (RLSA-2022:0350)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0350 advisory. - This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator...

9.8CVSS8.1AI score0.04579EPSS
Exploits6References19
nessus
nessus
added 2023/11/06 12:0 a.m.29 views

Rocky Linux 8 : nodejs:16 (RLSA-2021:5171)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:5171 advisory. - This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator...

9.8CVSS7.2AI score0.04579EPSS
Exploits6References15
osv
osv
added 2023/08/31 12:16 p.m.3 views

BELL-CVE-2021-22960 CVE-2021-22960 does not affect BellSoft software

Bulletin has no description...

6.5CVSS7.3AI score0.02299EPSS
Exploits1References1
nessus
nessus
added 2022/12/09 12:0 a.m.41 views

Amazon Linux 2022 : nodejs (ALAS2022-2022-214)

The version of nodejs installed on the remote host is prior to 18.4.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-214 advisory. - The parser in accepts requests with a space SP right after the header name before the colon. This can lead to HTTP...

9.8CVSS6.5AI score0.21514EPSS
Exploits5References15
openvas
openvas
added 2022/08/24 12:0 a.m.25 views

openSUSE: Security Advisory for nodejs10 (SUSE-SU-2022:2855-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS8.7AI score0.81464EPSS
Exploits5References2
ibm
ibm
added 2022/07/29 6:33 p.m.41 views

Security Bulletin: IBM DataPower Gateway potentially affected by various vulnerabilities in Node

Summary IBM has addressed several CVEs which may affect the APIC Gateway Service Vulnerability Details CVEID:CVE-2021-44532 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by a string injection vulnerability when name constraints were used within a...

6.5CVSS7.2AI score0.10364EPSS
Exploits4Affected Software3
nessus
nessus
added 2022/06/28 12:0 a.m.46 views

Debian DSA-5170-1 : nodejs - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5170 advisory. - The parser in accepts requests with a space SP right after the header name before the colon. This can lead to HTTP Request Smuggling HRS in llhttp v2.1.4 and...

8.2CVSS6.6AI score0.21514EPSS
Exploits4References15
debian
debian
added 2022/06/27 6:43 p.m.66 views

[SECURITY] [DSA 5170-1] nodejs security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5170-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 27, 2022 https://www.debian.org/security/faq -...

8.2CVSS8.4AI score0.21514EPSS
Exploits4
ibm
ibm
added 2022/04/27 11:7 p.m.41 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Node.js.

Summary Multiple vulnerabilities in Node.js that is used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2021-22959 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by an error related to a space in headers. A remote attacker could send a...

7.4CVSS6.6AI score0.10364EPSS
Exploits4Affected Software1
ibm
ibm
added 2022/03/31 2:14 p.m.29 views

Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to HTTP request smuggling due to CVE-2021-22960

Summary Node.js is used by IBM App Connect Enterprise Certified Container for running, authoring and managing flows. All IBM App Connect Enterprise Certified Container operands may be vulnerable to CVE-2021-22960. This bulletin provides patch information to address the reported vulnerability...

6.5CVSS7.1AI score0.02299EPSS
Exploits1Affected Software1
nessus
nessus
added 2022/03/12 12:0 a.m.54 views

AlmaLinux 8 : nodejs:14 (ALSA-2022:0350)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:0350 advisory. nodejs-json-schema: Prototype pollution vulnerability CVE-2021-3918 nodejs-ini: Prototype pollution via malicious INI file CVE-2020-7788 nodejs-glob-paren...

9.8CVSS7.3AI score0.04579EPSS
Exploits6References10
nessus
nessus
added 2022/03/12 12:0 a.m.44 views

AlmaLinux 8 : nodejs:16 (ALSA-2021:5171)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:5171 advisory. nodejs-json-schema: Prototype pollution vulnerability CVE-2021-3918 nodejs-ini: Prototype pollution via malicious INI file CVE-2020-7788 nodejs-glob-paren...

9.8CVSS7.1AI score0.04579EPSS
Exploits6References8
ibm
ibm
added 2022/02/25 8:34 p.m.31 views

Security Bulletin: Vulnerability in Node.js- CVE-2021-22959, CVE-2021-22960 may affect IBM Watson Assistant for IBM Cloud Pak for Data.

Summary Potential vulnerabilities in Node.js CVE-2021-22959, CVE-2021-22960 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID: CVE-2021-22959 DESCRIPTION: Node.js is vulnerable to HTTP...

6.5CVSS7.5AI score0.02936EPSS
Exploits2Affected Software1
openvas
openvas
added 2022/02/08 12:0 a.m.27 views

openSUSE: Security Advisory for nodejs14 (openSUSE-SU-2021:1552-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.6CVSS8AI score0.03286EPSS
Exploits2References2
redhat
redhat
added 2022/02/01 9:18 p.m.59 views

Moderate: Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.8AI score0.04579EPSS
Exploits6References10
osv
osv
added 2022/02/01 8:8 p.m.42 views

RLSA-2022:0350 Moderate: nodejs:14 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 14.18.2, nodejs-nodemon 2.0.15. BZ2027609 Security Fixes: nodejs-json-schema:...

9.8CVSS8.8AI score0.04579EPSS
Exploits6References10
Rows per page
Query Builder