Linux Distros Unpatched Vulnerability : CVE-2023-30581

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerabili...

Linux Distros Unpatched Vulnerability : CVE-2023-32002

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects...

BIT-NODE-MIN-2023-32002

The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CV...

BIT-NODE-MIN-2023-32559

A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding'spawnsyn...

Siemens SINEC NMS < V2.0 SP1 Multiple Vulnerabilities

The version of Siemens SINEC NMS installed on the remote host is prior to 2.0.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA-943925 advisory. - coreruleset aka OWASP ModSecurity Core Rule Set through 3.3.4 does not detect multiple Content-Type request headers...

Oracle Linux 8 : nodejs:20 (ELSA-2023-7205)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7205 advisory. - Fixes CVE-2023-44487 nghttp Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...

Fedora 37 : nodejs18 (2023-e9c04d81c1)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-e9c04d81c1 advisory. 2023-10-13, Version 18.18.2 'Hydrogen' LTS, @RafaelGSS This is a security release. Notable Changes The following CVEs are fixed in this release:...

CentOS 8 : nodejs:18 (CESA-2023:5869)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:5869 advisory. - When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return...

ALPINE-CVE-2023-38552

When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all user...

CVE-2023-32559

A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding'spawnsyn...

DEBIAN-CVE-2023-32002

The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CV...

SUSE CVE-2023-32002

The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CV...

SUSE CVE-2023-32006

The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note th...