69 matches found
MiracleLinux 8 : nodejs:18 (AXSA:2023-5259:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5259:01 advisory. glob-parent: Regular Expression Denial of Service CVE-2021-35065 http-cache-semantics: Regular Expression Denial of Service ReDoS vulnerability...
Ubuntu: Security Advisory (USN-6672-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 5589-1] nodejs security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5589-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 27, 2023 https://www.debian.org/security/faq -...
Important: Red Hat Security Advisory: nodejs security, bug fix, and enhancement update
An update for nodejs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
CVE-2023-23920 affecting package nodejs 14.21.1-3
CVE-2023-23920 affecting package nodejs 14.21.1-3. An upgraded version of the package is available that resolves this issue...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote authenticated attacker due to Node.js (CVE-2023-23920)
Summary IBM App Connect Enterprise is vulnerable to a remote authenticated attacker due to Node.js CVE-2023-23920. The fix includes Node.js 14.21.3 Vulnerability Details CVEID:CVE-2023-23920 DESCRIPTION: Node.js could allow a remote authenticated attacker to bypass security restrictions, caused b...
Medium: nodejs
Issue Overview: An untrusted search path vulnerability exists in Node.js. 19.6.1, 18.14.1, 16.19.1, and 14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges. CVE-2023-23920 Affected Packages: nodejs Issue Correction: Run dnf update...
RLSA-2023:2655 Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16.19.1, nodejs-nodemon 2.0.20. Security Fixes: c-ares: buffer overflow in...
nodejs:18 security, bug fix, and enhancement update
nodejs 1:18.14.2-2 - Provide simduft - Resolves: 2159389 1:18.14.2-1 - Rebase to 18.14.2 - Resolves: 2159389 - Resolves: CVE-2022-25881, CVE-2022-4904, CVE-2023-23936, CVE-2023-24807 - Resolves: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920 nodejs-nodemon 2.0.20-2 - Patch bundled glob-parent -...
K000134602: Node.js vulnerabilities CVE-2023-23918 and CVE-2023-23920
Security Advisory Description CVE-2023-23918 A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions https: //nodejs. org/api/permissions.html feature in Node.js and access non authorized modules by...
AlmaLinux 9 : nodejs and nodejs-nodemon (ALSA-2023:2655)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2655 advisory. - This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server,...
AlmaLinux 9 : nodejs:18 (ALSA-2023:2654)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2654 advisory. glob-parent: Regular Expression Denial of Service CVE-2021-35065 c-ares: buffer overflow in configsortlist due to missing string length check CVE-2022-490...
Moderate: Red Hat Security Advisory: nodejs and nodejs-nodemon security, bug fix, and enhancement update
An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: nodejs:18 security, bug fix, and enhancement update
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
ALSA-2023:2655 Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16.19.1, nodejs-nodemon 2.0.20. Security Fixes: c-ares: buffer overflow in...
ALSA-2023:2654 Moderate: nodejs:18 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18.14.2. Security Fixes: glob-parent: Regular Expression Denial of Service...
Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16.19.1, nodejs-nodemon 2.0.20. Security Fixes: c-ares: buffer overflow in...
Debian DSA-5395-1 : nodejs - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5395 advisory. An untrusted search path vulnerability was discovered in Node.js, which could result in unexpected searching or loading ICU data when running with elevated privileges. For...
Security Bulletin: Potential security bypass in IBM DataPower Gateway (CVE_2023-23920)
Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2023-23920 DESCRIPTION: Node.js could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request using ICUDATA environment variable, an attacker...
[SECURITY] [DSA 5395-1] nodejs security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5395-1 [email protected] https://www.debian.org/security/ Aron Xu May 02, 2023 https://www.debian.org/security/faq - -------------------------------------------------------------------------...