Lucene search
K

48 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 9 : nodejs-16.17.1-1.el9 (AXSA:2022-4091:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4091:01 advisory. nodejs: weak randomness in WebCrypto keygen CVE-2022-35255 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields CVE-2022-35256...

9.1CVSS8.5AI score0.02587EPSS
Exploits2References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 6:41 a.m.6 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses node 16.16.0 which is vulnerable to CVE-2023-32002, CVE-2022-35255

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses node 16.16.0 which is vulnerable to CVE-2023-32002, CVE-2022-35255. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-32002 DESCRIPTION: The use of...

9.8CVSS7.5AI score0.0187EPSS
Exploits1Affected Software1
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.25 views

openSUSE: Security Advisory for nodejs18 (SUSE-SU-2023:0419-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS8.1AI score0.77766EPSS
Exploits5References2
Oracle linux
Oracle linux
added 2023/06/15 12:0 a.m.51 views

nodejs security update

1:16.19.1-2 - Update bundled c-ares to 1.19.1 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 1:16.19.1-1 - Rebase to 16.19.1 - Resolves: rhbz2153714 - Resolves: CVE-2023-23918 CVE-2023-23919 CVE-2023-23936 CVE-2023-24807 CVE-2023-23920 - Resolves: CVE-2022-25881 CVE-2022-49...

9.8CVSS7AI score0.77766EPSS
Exploits10
OpenVAS
OpenVAS
added 2023/02/16 12:0 a.m.29 views

SUSE: Security Advisory (SUSE-SU-2023:0419-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS7.9AI score0.77766EPSS
Exploits5References2
OpenVAS
OpenVAS
added 2023/02/15 12:0 a.m.28 views

SUSE: Security Advisory (SUSE-SU-2023:0408-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS7.9AI score0.77766EPSS
Exploits5References2
Tenable Nessus
Tenable Nessus
added 2023/02/15 12:0 a.m.33 views

SUSE SLES12 Security Update : nodejs18 (SUSE-SU-2023:0408-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0408-1 advisory. This update ships nodejs18 jscPED-2097 Update to NodejJS 18.13.0 LTS: build: disable v8 snapshot compression by default crypto:...

9.1CVSS7.2AI score0.77766EPSS
Exploits5References25
Oracle linux
Oracle linux
added 2022/12/08 12:0 a.m.52 views

nodejs:18 security, bug fix, and enhancement update

nodejs 1:18.12.1-2 - Update version of bundled histogram 1:18.12.1-1 - Rebase to version 18.12.1 Resolves: rhbz2125580 CVE-2022-43548 CVE-2022-3517 1:18.9.1-1 - Rebase to version 18.9.1 Resolves: CVE-2022-35255 CVE-2022-35256 nodejs-nodemon 2.0.20-1 - Rebase to 2.0.20 Resolves: CVE-2022-3517...

9.1CVSS1.8AI score0.14024EPSS
Exploits2
OSV
OSV
added 2022/12/05 10:15 p.m.3 views

DEBIAN-CVE-2022-35255

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource in SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. There are two problems with this: 1 It does not check the return value, it assumes EntropySource always succeeds, but it can a...

9.1CVSS6.9AI score0.0187EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/12/05 12:0 a.m.6 views

CVE-2022-35255

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource in SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. There are two problems with this: 1 It does not check the return value, it assumes EntropySource always succeeds, but it can a...

6.7AI score0.0187EPSS
Exploits1References4
CVE
CVE
added 2022/12/05 12:0 a.m.289 views

CVE-2022-35255

CVE-2022-35255 describes a weakness in Node.js 18 WebCrypto key generation where EntropySource() is invoked but its return value is not checked, and the data returned may not be cryptographically strong. The underlying issue occurs in SecretKeyGenTraits::DoKeyGen() and can lead to weaker key mate...

9.1CVSS8.9AI score0.0187EPSS
Exploits1References4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/01 4:58 p.m.38 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to CVE-2022-35255 and CVE-2022-35256

Summary Node.js is used as a runtime engine by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring and Dashboard operands may be vulnerable to HTTP request smuggling and weaker than expected security. This bulletin provides patch...

9.1CVSS8.2AI score0.02587EPSS
Exploits2Affected Software1
OpenVAS
OpenVAS
added 2022/11/29 12:0 a.m.28 views

Fedora: Security Advisory for nodejs (FEDORA-2022-de515f765f)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.1CVSS7.9AI score0.68796EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2022/11/29 12:0 a.m.33 views

Fedora: Security Advisory for nodejs (FEDORA-2022-1667f7b60a)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.1CVSS7.9AI score0.68796EPSS
Exploits4References2
Tenable Nessus
Tenable Nessus
added 2022/11/15 12:0 a.m.29 views

Oracle Linux 8 : nodejs:18 (ELSA-2022-7821)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7821 advisory. nodejs 1:18.8.0-1 - Rebase to version 18.8.0 - Include sources for WASM blobs nodejs-packaging 2021.06-4 - NPM bundler: also find namespaced bundled...

9.1CVSS7.8AI score0.02587EPSS
Exploits2References3
RedHat Linux
RedHat Linux
added 2022/11/08 11:35 a.m.35 views

Important: Red Hat Security Advisory: nodejs:18 security update

An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.1CVSS7AI score0.02587EPSS
Exploits2References3
OSV
OSV
added 2022/11/08 10:51 a.m.30 views

RLSA-2022:7821 Important: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18.9.1. BZ2130559, BZ2131750 Security Fixes: nodejs: weak randomness in WebCrypto...

8.2CVSS8.6AI score0.02587EPSS
Exploits2References3
OSV
OSV
added 2022/11/08 12:0 a.m.47 views

ALSA-2022:7821 Important: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18.9.1. BZ2130559, BZ2131750 Security Fixes: nodejs: weak randomness in WebCrypto...

9.1CVSS8.6AI score0.02587EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2022/11/08 12:0 a.m.27 views

RHEL 8 : nodejs:18 (RHSA-2022:7821)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7821 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

9.1CVSS7.9AI score0.02587EPSS
Exploits2References6
AlmaLinux
AlmaLinux
added 2022/11/08 12:0 a.m.37 views

Important: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18.9.1. BZ2130559, BZ2131750 Security Fixes: nodejs: weak randomness in WebCrypto...

9.1CVSS8.5AI score0.02587EPSS
Exploits2References6
Rows per page
Query Builder