23 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-29244
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag ie. --workspaces, --workspace=...
nodejs security update
1:16.19.1-2 - Update bundled c-ares to 1.19.1 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 1:16.19.1-1 - Rebase to 16.19.1 - Resolves: rhbz2153714 - Resolves: CVE-2023-23918 CVE-2023-23919 CVE-2023-23936 CVE-2023-24807 CVE-2023-23920 - Resolves: CVE-2022-25881 CVE-2022-49...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js npm module information disclosure (CVE-2022-29244)
Summary Potential Node.js npm module information disclosure vulnerability CVE-2022-29244 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-29244 DESCRIPTION: Node.js npm module cou...
Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Data Synchronization App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-0235 DESCRIPTION: Node.js...
Rocky Linux 9 : nodejs and nodejs-nodemon (RLSA-2022:6595)
The remote Rocky Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2022:6595 advisory. - npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag ie. --workspaces,...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote authenticated attacker due to Node.js (CVE-2022-29244, CVE-2022-33987)
Summary IBM App Connect Enterprise and IBM Integration Bus ship with Node.js for which vulnerabilities were reported and have been addressed by an ifix, a fixpack release and an option to disable the node CVE-2022-29244, CVE-2022-33987 Vulnerability Details CVEID:CVE-2022-29244 DESCRIPTION: Node....
Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to loss of confidentiality due to CVE-2022-29244
Summary Node.js is used by all IBM App Connect Enterprise Certified Container operands. IBM App Connect Enterprise Certified Container operands may be vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerability CVE-2022-29244 in Node.js...
AlmaLinux 9 : nodejs and nodejs-nodemon (ALSA-2022:6595)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:6595 advisory. - This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollut...
Oracle Linux 9 : nodejs / and / nodejs-nodemon (ELSA-2022-6595)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6595 advisory. - Rebase to version 16.16.0 Resolves: RHBZ2106290 Resolves: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 Tenable has extracted the...
RHEL 9 : nodejs and nodejs-nodemon (RHSA-2022:6595)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6595 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Moderate: Red Hat Security Advisory: nodejs and nodejs-nodemon security and bug fix update
An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RLSA-2022:6595 Moderate: nodejs and nodejs-nodemon security and bug fix update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16.16.0, nodejs-nodemon 2.0.19. BZ2124230, BZ2124233 Security Fixes: nodejs-ini:...
ALSA-2022:6595 Moderate: nodejs and nodejs-nodemon security and bug fix update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16.16.0, nodejs-nodemon 2.0.19. BZ2124230, BZ2124233 Security Fixes: nodejs-ini:...
SUSE: Security Advisory (SUSE-SU-2022:3251-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for nodejs16 (SUSE-SU-2022:3250-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLES15 / openSUSE 15 Security Update : nodejs16 (SUSE-SU-2022:3251-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3251-1 advisory. - CVE-2022-35949: Fixed SSRF when an application takes in user input into the path/pathname option of undici.request...
SUSE: Security Advisory (SUSE-SU-2022:3250-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2022:3196-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3196-1 advisory. - CVE-2022-35949: Fixed SSRF when an application takes in user input into the path/pathname option of undici.request bsc1202382. -...
SUSE: Security Advisory (SUSE-SU-2022:3196-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-29244
npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag ie. --workspaces, --workspace=. Anyone who has run npm pack or npm publish inside a workspace, as of v7.9.0 and v7.13.0 respectively, may be affected and have published...