48 matches found
MiracleLinux 9 : nodejs-16.17.1-1.el9 (AXSA:2022-4091:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4091:01 advisory. nodejs: weak randomness in WebCrypto keygen CVE-2022-35255 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields CVE-2022-35256...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses node 16.16.0 which is vulnerable to CVE-2023-32002, CVE-2022-35255
Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses node 16.16.0 which is vulnerable to CVE-2023-32002, CVE-2022-35255. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-32002 DESCRIPTION: The use of...
openSUSE: Security Advisory for nodejs18 (SUSE-SU-2023:0419-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
nodejs security update
1:16.19.1-2 - Update bundled c-ares to 1.19.1 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 1:16.19.1-1 - Rebase to 16.19.1 - Resolves: rhbz2153714 - Resolves: CVE-2023-23918 CVE-2023-23919 CVE-2023-23936 CVE-2023-24807 CVE-2023-23920 - Resolves: CVE-2022-25881 CVE-2022-49...
SUSE: Security Advisory (SUSE-SU-2023:0419-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES12 Security Update : nodejs18 (SUSE-SU-2023:0408-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0408-1 advisory. This update ships nodejs18 jscPED-2097 Update to NodejJS 18.13.0 LTS: build: disable v8 snapshot compression by default crypto:...
SUSE: Security Advisory (SUSE-SU-2023:0408-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
nodejs:18 security, bug fix, and enhancement update
nodejs 1:18.12.1-2 - Update version of bundled histogram 1:18.12.1-1 - Rebase to version 18.12.1 Resolves: rhbz2125580 CVE-2022-43548 CVE-2022-3517 1:18.9.1-1 - Rebase to version 18.9.1 Resolves: CVE-2022-35255 CVE-2022-35256 nodejs-nodemon 2.0.20-1 - Rebase to 2.0.20 Resolves: CVE-2022-3517...
DEBIAN-CVE-2022-35255
A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource in SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. There are two problems with this: 1 It does not check the return value, it assumes EntropySource always succeeds, but it can a...
CVE-2022-35255
A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource in SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. There are two problems with this: 1 It does not check the return value, it assumes EntropySource always succeeds, but it can a...
CVE-2022-35255
CVE-2022-35255 describes a weakness in Node.js 18 WebCrypto key generation where EntropySource() is invoked but its return value is not checked, and the data returned may not be cryptographically strong. The underlying issue occurs in SecretKeyGenTraits::DoKeyGen() and can lead to weaker key mate...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to CVE-2022-35255 and CVE-2022-35256
Summary Node.js is used as a runtime engine by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring and Dashboard operands may be vulnerable to HTTP request smuggling and weaker than expected security. This bulletin provides patch...
Fedora: Security Advisory for nodejs (FEDORA-2022-1667f7b60a)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for nodejs (FEDORA-2022-de515f765f)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Oracle Linux 8 : nodejs:18 (ELSA-2022-7821)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7821 advisory. nodejs 1:18.8.0-1 - Rebase to version 18.8.0 - Include sources for WASM blobs nodejs-packaging 2021.06-4 - NPM bundler: also find namespaced bundled...
Important: Red Hat Security Advisory: nodejs:18 security update
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RLSA-2022:7821 Important: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18.9.1. BZ2130559, BZ2131750 Security Fixes: nodejs: weak randomness in WebCrypto...
ALSA-2022:7821 Important: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18.9.1. BZ2130559, BZ2131750 Security Fixes: nodejs: weak randomness in WebCrypto...
Important: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18.9.1. BZ2130559, BZ2131750 Security Fixes: nodejs: weak randomness in WebCrypto...
RHEL 8 : nodejs:18 (RHSA-2022:7821)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7821 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...