32 matches found
TencentOS Server 4: nodejs (TSSA-2024:0614)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0614 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Linux Distros Unpatched Vulnerability : CVE-2023-45143
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects,...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to obtain sensitive information due to Node.js undici ( CVE-2023-45143 )
Summary Node.js undici is used by IBM Cloud Pak for Data as part of the . CVE-2023-45143. Vulnerability Details CVEID:CVE-2023-45143 DESCRIPTION: Node.js undici module could allow a remote authenticated attacker to obtain sensitive information, caused by the failure to clear cookie header on...
Security Bulletin: IBM Storage Ceph is vulnerable to the Exposure of Sensitive Information to an Unauthorized Actor in the RHEL UBI (CVE-2023-45143)
Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-45143. Vulnerability Details CVEID:CVE-2023-45143 DESCRIPTION: Node.js undici module could allow a remote authenticated...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multiple vulnerabilities in Node.js ( CVE-2023-44487, CVE-2023-45143 )
Summary Potential vulnerabilities in Node.js related to the VM component CVE-2023-44487, CVE-2023-45143 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details...
openSUSE: Security Advisory for nodejs18 (SUSE-SU-2023:4207-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote authenticated attacker due to the electron module (CVE-2023-45143)
Summary IBM App Connect Enterprise is vulnerable to allowing a remote authenticated attacker to obtain sensitive information, due to the electron module. Electron is used for Discovery Connectors in IBM App Connect Enterprise. This bulletin identifies the steps to take to address the vulnerabilit...
Important: Red Hat Security Advisory: nodejs:20 security update
An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2023-45143 affecting package nodejs18 for versions less than 18.18.2-2
CVE-2023-45143 affecting package nodejs18 for versions less than 18.18.2-2. An upgraded version of the package is available that resolves this issue...
Fedora: Security Advisory (FEDORA-2023-dbe64661af)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2023-7b52921cae)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for nodejs20 (FEDORA-2023-f66fc0f62a)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2023:4207-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for nodejs18 (FEDORA-2023-d5030c983c)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 Security Update : nodejs18 (SUSE-SU-2023:4155-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4155-1 advisory. - Update to version 18.18.2 - CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. bsc1216190 - CVE-2023-45143: Fixed a cookie...
Mageia: Security Advisory (MGASA-2023-0299)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 9 : 18 (ELSA-2023-5849)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-5849 advisory. - Rebase to version 18.18.2 Resolves: CVE-2023-44487 CVE-2023-45143 CVE-2023-38552 CVE-2023-39333 nodejs-nodemon - Resolves: CVE-2022-25883...
MGASA-2023-0299 Updated nodejs packages fix security vulnerabilities
This is a security release. The following CVEs are fixed in this release: CVE-2023-44487: nghttp2 Security Release High CVE-2023-45143: undici Security Release High CVE-2023-38552: Integrity checks according to policies can be circumvented Medium CVE-2023-39333: Code injection via WebAssembly...
Updated nodejs packages fix security vulnerabilities
This is a security release. The following CVEs are fixed in this release: CVE-2023-44487: nghttp2 Security Release High CVE-2023-45143: undici Security Release High CVE-2023-38552: Integrity checks according to policies can be circumvented Medium CVE-2023-39333: Code injection via WebAssembly...
SUSE SLES12 Security Update : nodejs18 (SUSE-SU-2023:4150-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4150-1 advisory. - Update to version 18.18.2 - CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. bsc1216190 - CVE-2023-45143: Fixed a cookie...