RHEL 8 : 14_nodejs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs: DiffieHellman do not generate keys after setting a private key CVE-2023-30590 - The use of proto ...

Debian dla-3776 : libnode-dev - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3776 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3776-1 [email protected]...

CVE-2023-30590

The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey. However, the...

RHEL 9 : nodejs (RHSA-2023:5533)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5533 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

SUSE-SU-2023:3455-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: - CVE-2023-23918: Fixed permissions policies bypass via process.mainModule bsc1208481. - CVE-2023-32002: Fixed permissions policies bypass via Module.load bsc1214150. - CVE-2023-32006: Fixed permissions policies impersonation using...

nodejs:16 security, bug fix, and enhancement update

An update is available for nodejs-packaging, module.nodejs-nodemon, module.nodejs-packaging, nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...

RHEL 8 : nodejs:16 (RHSA-2023:4537)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4537 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

CentOS 8 : nodejs:18 (CESA-2023:4536)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:4536 advisory. - The use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json definition. This...

Moderate: Red Hat Security Advisory: nodejs:18 security, bug fix, and enhancement update

An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Moderate: nodejs:18 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs 18. BZ2223314, BZ2223316, BZ2223318, BZ2223319, BZ2223320, BZ2223354 Security Fixes: nodejs:...

RHEL 9 : nodejs (RHSA-2023:4331)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4331 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

Moderate: nodejs security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs 16.20.1. BZ2223334, BZ2223336, BZ2223338, BZ2223340, BZ2223342, BZ2223344 Security Fixes: nodejs...

RHEL 9 : nodejs:18 (RHSA-2023:4330)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4330 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

Fedora 37 : nodejs18 (2023-6b866fbe84)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-6b866fbe84 advisory. 2023-06-20, Version 18.16.1 'Hydrogen' LTS, @RafaelGSS This is a security release. Notable Changes The following CVEs are fixed in this release:...

Internet Bug Bounty: DiffieHellman doesn't generate keys after setting a key

A security vulnerability was discovered in the DiffieHellman module of Node.js. The module did not generate new keys after setting a private key, potentially leading to the reuse of nonces and compromising security measures such as forward secrecy and IND-CPA...

Node.js: DiffieHellman doesn't generate keys after setting a key

DiffieHellman in Node.js did not generate new keys after setting a key, due to an issue in OpenSSL. This vulnerability could have allowed for key reuse and potential compromise of confidentiality and integrity in applications relying on DiffieHellman for security...

asiCMS alpha 0.208 Multiple Remote File Inclusion Vulnerabilities

No description provided by source. =========================================================================================== o asiCMS alpha 0.208 Multiple Remote File Inclusion Vulnerability Software : asiCMS version alpha 0.208 Vendor : http://asicms.sourceforge.net/ Download :...

asiCMS alpha 0.208 - Multiple Remote File Inclusions

=========================================================================================== o asiCMS alpha 0.208 Multiple Remote File Inclusion Vulnerability Software : asiCMS version alpha 0.208 Vendor : http://asicms.sourceforge.net/ Download :...