Lucene search
K

28 matches found

F5 Networks
F5 Networks
added 2026/05/14 12:39 a.m.21 views

K000161266: Node.js vulnerability CVE-2025-23166

Security Advisory Description The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism...

7.5CVSS7.3AI score0.00763EPSS
Exploits0
OSV
OSV
added 2026/02/03 5:40 p.m.9 views

CLSA-2026-1770140451 nodejs: Fix of CVE-2025-23166

CVE-2025-23166: fix SignTraits::DeriveBits to properly validate user-supplied inputs to prevent crashing Node.js process...

7.5CVSS7.3AI score0.00763EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/10/06 12:0 a.m.5 views

RockyLinux 10 : nodejs22 (RLSA-2025:8493)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:8493 advisory. nodejs: Remote Crash via SignTraits::DeriveBits in Node.js CVE-2025-23166 Tenable has extracted the preceding description block directly from the...

7.5CVSS6.9AI score0.00763EPSS
Exploits0References5
Redos
Redos
added 2025/10/06 12:0 a.m.3 views

ROS-20251006-09

A vulnerability in the permissions model of the Node.js software platform is related to flaws in the processing of HTTP requests. Exploitation of the vulnerability could allow a remote attacker to bypass existing security restrictions and send unauthorized requests. existing security restrictions...

7.5CVSS6.8AI score0.00763EPSS
Exploits1
OSV
OSV
added 2025/10/03 7:56 p.m.5 views

RLSA-2025:8493 Important: nodejs22 security update

Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed...

7.5CVSS6.3AI score0.00763EPSS
Exploits0References3
Rockylinux
Rockylinux
added 2025/10/03 7:56 p.m.5 views

nodejs22 security update

An update is available for nodejs22. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a platform built on Chrome's JavaScript runtime \ for easily...

7.5CVSS6.8AI score0.00763EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-23166

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the...

7.5CVSS7.3AI score0.00763EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/07/30 12:0 a.m.1 views

RockyLinux 8 : nodejs:22 (RLSA-2025:8506)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:8506 advisory. nodejs: Remote Crash via SignTraits::DeriveBits in Node.js CVE-2025-23166 Tenable has extracted the preceding description block directly from the...

7.5CVSS6.9AI score0.00763EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2025/06/16 11:28 a.m.1 views

Astra Linux – Vulnerability in Node.js

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executed in a background thread, causing the Node.js process to crash. Such cryptographic operations are commonly applied to untrusted inputs. Therefore, this mechanism potentially allows ...

7.5CVSS7.3AI score0.00763EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/06/11 2:7 p.m.8 views

nodejs: Remote Crash via SignTraits::DeriveBits() in Node.js

A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits. This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread...

7.5CVSS7.2AI score0.00763EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/06/04 1:51 p.m.4 views

nodejs: Remote Crash via SignTraits::DeriveBits() in Node.js

A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits. This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread...

7.5CVSS7.2AI score0.00763EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/06/04 11:35 a.m.5 views

nodejs: Remote Crash via SignTraits::DeriveBits() in Node.js

A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits. This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread...

7.5CVSS7.2AI score0.00763EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/06/04 7:44 a.m.7 views

nodejs: Remote Crash via SignTraits::DeriveBits() in Node.js

A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits. This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread...

7.5CVSS7.2AI score0.00763EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/06/03 8:28 p.m.7 views

nodejs: Remote Crash via SignTraits::DeriveBits() in Node.js

A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits. This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread...

7.5CVSS7.2AI score0.00763EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/06/03 7:53 p.m.15 views

Important: Red Hat Security Advisory: nodejs:20 security update

An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5CVSS7AI score0.00763EPSS
Exploits1References2
OSV
OSV
added 2025/06/03 12:0 a.m.12 views

ALSA-2025:8467 Important: nodejs:22 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Remote Crash via SignTraits::DeriveBits in Node.js CVE-2025-23166 For more details about the security issues, including the impact, a CVSS...

7.5CVSS7.3AI score0.00763EPSS
Exploits0References4
OSV
OSV
added 2025/05/23 1:59 p.m.4 views

OESA-2025-1533 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

7.5CVSS6.9AI score0.00763EPSS
Exploits0References3
OSV
OSV
added 2025/05/21 6:0 a.m.5 views

BIT-NODE-2025-23166

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...

7.5CVSS6.6AI score0.00763EPSS
Exploits0References2
NVD
NVD
added 2025/05/19 2:15 a.m.14 views

CVE-2025-23166

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...

7.5CVSS0.00763EPSS
Exploits0References1
OSV
OSV
added 2025/05/19 2:15 a.m.1 views

ALPINE-CVE-2025-23166

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...

7.5CVSS6.9AI score0.00763EPSS
Exploits0References1
Rows per page
Query Builder