7911 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-48948
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Elliptic package 6.5.7 for Node.js, in its ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0...
Linux Distros Unpatched Vulnerability : CVE-2024-27983
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small number of HTTP/2 frame packets with a few HTTP/2 frames inside. It is...
Linux Distros Unpatched Vulnerability : CVE-2021-35065
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression...
Linux Distros Unpatched Vulnerability : CVE-2023-30589
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling...
Linux Distros Unpatched Vulnerability : CVE-2024-22020
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code...
Linux Distros Unpatched Vulnerability : CVE-2024-42461
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed. CVE-2024-42461 Note that Nessus relie...
Linux Distros Unpatched Vulnerability : CVE-2023-28155
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controlled server that does a cross-protocol redirect HTTP t...
Linux Distros Unpatched Vulnerability : CVE-2024-22019
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and...
Linux Distros Unpatched Vulnerability : CVE-2023-39333
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that t...
Linux Distros Unpatched Vulnerability : CVE-2024-37890
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to...
Linux Distros Unpatched Vulnerability : CVE-2024-42459
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can...
Linux Distros Unpatched Vulnerability : CVE-2023-30588
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate API, an unexpected termination occurs, making it susceptible to D...
Linux Distros Unpatched Vulnerability : CVE-2023-32006
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This...
Linux Distros Unpatched Vulnerability : CVE-2024-21890
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example:...
Linux Distros Unpatched Vulnerability : CVE-2023-38552
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged...
Linux Distros Unpatched Vulnerability : CVE-2024-21892
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges...
Linux Distros Unpatched Vulnerability : CVE-2024-21536
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an...
Linux Distros Unpatched Vulnerability : CVE-2023-46809
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the...
Linux Distros Unpatched Vulnerability : CVE-2023-30581
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The use of `__proto__` in `process.mainModule.__proto__.require` can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerabili...
Linux Distros Unpatched Vulnerability : CVE-2022-33987
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket. CVE-2022-33987 Note that Nessus relies on the presence of the...