Lucene search
+L

13 matches found

nessus
nessus
added 2025/03/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2023-30581

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerabili...

7.5CVSS7.5AI score0.0105EPSS
Exploits0References3
nessus
nessus
added 2025/03/05 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2023-32002

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects...

9.8CVSS7.4AI score0.0143EPSS
Exploits0References2
osv
osv
added 2024/12/16 1:58 p.m.17 views

BIT-NODE-MIN-2023-32002

The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CV...

9.8CVSS8.2AI score0.0143EPSS
Exploits0References3
osv
osv
added 2024/12/16 1:57 p.m.10 views

BIT-NODE-MIN-2023-32559

A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding'spawnsyn...

7.5CVSS8.9AI score0.01484EPSS
Exploits1References4
nessus
nessus
added 2024/02/29 12:0 a.m.69 views

Siemens SINEC NMS < V2.0 SP1 Multiple Vulnerabilities

The version of Siemens SINEC NMS installed on the remote host is prior to 2.0.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA-943925 advisory. - coreruleset aka OWASP ModSecurity Core Rule Set through 3.3.4 does not detect multiple Content-Type request headers...

9.8CVSS7.2AI score0.8377EPSS
Exploits29References64
nessus
nessus
added 2023/11/22 12:0 a.m.49 views

Oracle Linux 8 : nodejs:20 (ELSA-2023-7205)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7205 advisory. - Fixes CVE-2023-44487 nghttp Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...

9.8CVSS7.3AI score0.99999EPSS
Exploits19References7
nessus
nessus
added 2023/10/26 12:0 a.m.47 views

Fedora 37 : nodejs18 (2023-e9c04d81c1)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-e9c04d81c1 advisory. 2023-10-13, Version 18.18.2 'Hydrogen' LTS, @RafaelGSS This is a security release. Notable Changes The following CVEs are fixed in this release:...

7.5CVSS7.2AI score0.99999EPSS
Exploits19References5
nessus
nessus
added 2023/10/19 12:0 a.m.73 views

CentOS 8 : nodejs:18 (CESA-2023:5869)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:5869 advisory. - When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return...

7.5CVSS7.3AI score0.99999EPSS
Exploits19References5
osv
osv
added 2023/10/18 4:15 a.m.5 views

ALPINE-CVE-2023-38552

When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all user...

7.5CVSS6.9AI score0.01107EPSS
Exploits0References1
nvd
nvd
added 2023/08/24 2:15 a.m.23 views

CVE-2023-32559

A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding'spawnsyn...

7.5CVSS8.8AI score0.01484EPSS
Exploits1References3
osv
osv
added 2023/08/21 5:15 p.m.10 views

DEBIAN-CVE-2023-32002

The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CV...

9.8CVSS7AI score0.0143EPSS
Exploits0References1
susecve
susecve
added 2023/08/11 2:13 a.m.5 views

SUSE CVE-2023-32002

The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CV...

6.5CVSS7.5AI score0.0143EPSS
Exploits0References14
susecve
susecve
added 2023/08/11 2:13 a.m.5 views

SUSE CVE-2023-32006

The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note th...

5.6CVSS8.2AI score0.01273EPSS
Exploits0References14
Rows per page
Query Builder