Lucene search
+L

22 matches found

nessus
nessus
added 2026/01/22 12:0 a.m.8 views

Azure Linux 3.0 Security Update: nodejs (CVE-2024-24758)

The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-24758 advisory. - Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers...

4.5CVSS7.8AI score0.00765EPSS
Exploits0References2
osv
osv
added 2025/08/12 8:24 a.m.2 views

ROOT-OS-DEBIAN-12-CVE-2024-24758 CVE-2024-24758 in rootio-node-undici - Patched by Root

Root has patched CVE-2024-24758 in the rootio-node-undici package for Root:Debian:12. Multiple fixed versions available...

4.5CVSS8.2AI score0.00765EPSS
Exploits0
nessus
nessus
added 2025/03/05 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2024-24758

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear...

4.5CVSS6.7AI score0.00765EPSS
Exploits0References3
cbl_mariner
cbl_mariner
added 2024/06/21 9:32 a.m.21 views

CVE-2024-24758 affecting package nodejs for versions less than 20.14.0-1

CVE-2024-24758 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this issue...

4.5CVSS6.9AI score0.00765EPSS
Exploits0
ibm
ibm
added 2024/05/10 2:52 p.m.51 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js.

Summary IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-21892 DESCRIPTION: Node.js could allow a local authenticated attacker to gain elevated...

7.8CVSS7.8AI score0.03168EPSS
Exploits1Affected Software1
amazon
amazon
added 2024/03/21 12:0 a.m.7 views

Medium: nodejs

Issue Overview: NOTE: https://nodejs.org/en/blog/release/v18.19.1 NOTE: https://github.com/nodejs/node/commit/f31d47e135973746c4f490d5eb635eded8bb3dda v18.x NOTE: https://github.com/nodejs/node/commit/9052ef43dc2d1b0db340591a9bc9e45a25c01d90 main CVE-2024-22025 Undici is an HTTP/1.1 client, writt...

6.5CVSS5.9AI score0.01309EPSS
Exploits0
nessus
nessus
added 2024/03/21 12:0 a.m.42 views

Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2024-568)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-568 advisory. NOTE: https://nodejs.org/en/blog/release/v18.19.1NOTE: https://github.com/nodejs/node/commit/f31d47e135973746c4f490d5eb635eded8bb3dda v18.xNOTE:...

6.5CVSS6.8AI score0.01309EPSS
Exploits0References8
openvas
openvas
added 2024/03/08 12:0 a.m.31 views

openSUSE: Security Advisory for nodejs16 (SUSE-SU-2024:0728-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.1AI score0.03168EPSS
Exploits1References2
openvas
openvas
added 2024/03/08 12:0 a.m.26 views

openSUSE: Security Advisory for nodejs16 (SUSE-SU-2024:0729-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.1AI score0.03168EPSS
Exploits1References2
nessus
nessus
added 2024/03/06 12:0 a.m.88 views

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2024-544)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-544 advisory. 2024-03-13: CVE-2024-22025 was added to this advisory. The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file...

9.8CVSS6.6AI score0.03168EPSS
Exploits0References18
nessus
nessus
added 2024/03/06 12:0 a.m.36 views

SUSE SLES15 Security Update : nodejs16 (SUSE-SU-2024:0728-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0728-1 advisory. Security issues fixed: CVE-2023-46809: Node.js is vulnerable to the Marvin Attack timing variant of the Bleichenbacher attack again...

7.5CVSS6.7AI score0.03168EPSS
Exploits1References16
ibm
ibm
added 2024/03/05 4:1 p.m.28 views

Security Bulletin: IBM App Connect Enterprise Certified Container flows using Box are vulnerable to loss of confidentiality due to [CVE-2024-24758]

Summary Node.js module undici is used by IBM App Connect Enterprise Certified Container for communicating with Box in the Box connector. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that run flows using the Box connector are vulnerable to loss o...

4.5CVSS5.3AI score0.00765EPSS
Exploits0Affected Software1
openvas
openvas
added 2024/03/04 12:0 a.m.21 views

SUSE: Security Advisory (SUSE-SU-2024:0729-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.1AI score0.03168EPSS
Exploits1References8
openvas
openvas
added 2024/03/04 12:0 a.m.21 views

SUSE: Security Advisory (SUSE-SU-2024:0728-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.1AI score0.03168EPSS
Exploits1References8
nessus
nessus
added 2024/03/01 12:0 a.m.43 views

SUSE SLES15 / openSUSE 15 Security Update : nodejs18 (SUSE-SU-2024:0730-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0730-1 advisory. Update to 18.19.1: security updates CVE-2024-21892: Code injection and privilege escalation through Linux capabilitie...

7.8CVSS6.8AI score0.03168EPSS
Exploits1References19
nessus
nessus
added 2024/03/01 12:0 a.m.45 views

SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2024:0731-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0731-1 advisory. Security issues fixed: CVE-2023-46809: Node.js is vulnerable to the Marvin Attack timing variant of the Bleichenbacher attack again...

7.5CVSS6.7AI score0.03168EPSS
Exploits1References16
osv
osv
added 2024/02/29 12:1 p.m.8 views

SUSE-SU-2024:0731-1 Security update for nodejs16

This update for nodejs16 fixes the following issues: Security issues fixed: CVE-2023-46809: Node.js is vulnerable to the Marvin Attack timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding bsc1219997. CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk...

7.5CVSS6.3AI score0.03168EPSS
Exploits1References11
nessus
nessus
added 2024/02/29 12:0 a.m.46 views

SUSE SLES12 Security Update : nodejs18 (SUSE-SU-2024:0644-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0644-1 advisory. Update to 18.19.1: security updates CVE-2024-21892: Code injection and privilege escalation through Linux capabilities bsc1219992...

7.8CVSS6.8AI score0.03168EPSS
Exploits1References19
circl
circl
added 2024/02/16 11:21 p.m.2 views

CVE-2024-24758

creationtimestamp| type| source ---|---|--- 2024-02-16 23:21:52+00:00| seen| https://t.me/ctinow/186690 2024-02-18 13:21:49+00:00| seen| https://t.me/ctinow/187244 2024-03-08 09:26:18+00:00| seen| https://t.me/ctinow/203166 2024-04-12 05:22:30+00:00| seen| https://t.me/arpsyndicate/4525 2024-11-1...

4.5CVSS6.7AI score0.00765EPSS
Exploits0References5
cve
cve
added 2024/02/16 9:40 p.m.129 views

CVE-2024-24758

Undici (Node.js HTTP/1.1 client) has a vulnerability where Proxy-Authorization headers were not cleared during cross-origin redirects. It is fixed in versions 5.28.3 and 6.6.1. Affected versions include older releases prior to these patches; upgrading to 5.28.3 or 6.6.1 or newer is advised. The i...

4.5CVSS3.9AI score0.00765EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder