7912 matches found
Node.js Module Undici < 6.19.2 Information Disclosure
The nodejs module Undici detected on the host is prior to version 6.19.2. It is, therefore, affected by an information disclosure vulnerability. An authenticated, remote attacker can exploit this to obtain a portion of memory from the Node.js process. Note that Nessus has not tested for these...
Photon OS 3.0: Nodejs PHSA-2023-3.0-0602
An update of the nodejs package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-3.0-0602. The text itself is copyright (C) VMware, Inc. ...
Photon OS 4.0: Nodejs PHSA-2024-4.0-0586
An update of the nodejs package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0586. The text itself is copyright (C) VMware, Inc. ...
RHEL 8 : nodejs:18 (RHSA-2024:4824)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4824 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
MAL-2024-7793 Malicious code in appds-nodejs-utils (npm)
Source: ossf-package-analysis (f1ac973f28037939ed23e341eacd9fcc006c3709075045f2d51232131c111977). The OpenSSF Package Analysis project identified 'appds-nodejs-utils' @ 0.2.0 (npm) as malicious. It is considered malicious because: - The package...
Moderate: Red Hat Security Advisory: nodejs security update
An update for nodejs is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
RHEL 9 : nodejs (RHSA-2024:4721)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4721 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
Node.js Module @sap/approuter < 14.4.2 Privilege Escalation
The nodejs module @sap/approuter detected on the host is prior to version 14.4.2. It is, therefore, affected by a privilege escalation vulnerability. An unauthenticated, remote attacker can exploit this to gain arbitrary permissions within the application. Note that Nessus has not tested for thes...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a local authenticated attack and denial of service due to Microsoft Azure Identity Libraries and Microsoft Authentication Library and gRPC on Node.js (CVE-2024-35255, CVE-2024-37168)
Summary: IBM App Connect Enterprise is vulnerable to a local authenticated attack and denial of service due to Microsoft Azure Identity Libraries and Microsoft Authentication Library and gRPC on Node.js. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details...
ROS-20240719-05
A vulnerability in the ejs web application development pattern for Node.js is related to incorrect neutralization of special elements in the output data used by the input component. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by injecting...
Security Bulletin: IBM Observability with Instana for Synthetic PoP is affected by Multiple Security Vulnerabilities
Summary: Multiple vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 277. Vulnerability Details: CVEID: CVE-2024-37890. DESCRIPTION: Node.js ws module is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially crafted reques...
Security Bulletin: IBM Maximo Application Suite: follow-redirects-1.15.5.tgz is vulnerable to CVE-2024-28849 used in IBM Maximo Application Suite - Edge Data Collector
Summary: IBM Maximo Application Suite - Edge Data Collector uses follow-redirects-1.15.5.tgz, which is vulnerable to CVE-2024-28849. Vulnerability Details: CVEID: CVE-2024-28849. DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information,...
SUSE-SU-2024:2542-1 Security update for nodejs18
This update for nodejs18 fixes the following issues: Update to 18.20.4: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass (bsc#1227560) - CVE-2024-22020: Fixed a bypass of network import restriction via data URL (bsc#1227554) Changes in 18.20.3: - This release fixes a regression introduced in Node.js...
PT-2024-33290
Name of the Vulnerable Software and Affected Versions: Elliptic package versions prior to 6.5.6. Description: The issue concerns the Elliptic package for Node.js, specifically the EDDSA implementation. It does not perform the required check if the signature proofs are within the bounds of the order n...
SUSE SLES12 Security Update : nodejs18 (SUSE-SU-2024:2496-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2496-1 advisory. Update to 18.20.4: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass (bsc#1227560) - CVE-2024-22020: Fixed a bypass of network import...
Moderate: Red Hat Security Advisory: nodejs security update
An update for nodejs is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
SUSE-SU-2024:2496-1 Security update for nodejs18
This update for nodejs18 fixes the following issues: Update to 18.20.4: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass (bsc#1227560) - CVE-2024-22020: Fixed a bypass of network import restriction via data URL (bsc#1227554) Changes in 18.20.3: - This release fixes a regression introduced in Node.js...
Security Bulletin: A vulnerability in axios affects IBM Robotic Process Automation and may result in a bypass of security restrictions (CVE-2024-28849)
Summary: A vulnerability in axios affects IBM Robotic Process Automation resulting in a bypass of security restrictions. axios is used by IBM Robotic Process Automation as part of the Control Center. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability...
Important Photon OS Security Update - PHSA-2024-4.0-0653
Updates of 'nodejs' packages of Photon OS have been released...
Security Bulletin: Multiple Vulnerabilities in IBM Event Processing.
Summary: Multiple vulnerabilities were addressed in IBM Event Processing version 1.1.8. Vulnerability Details: CVEID: CVE-2024-30171. DESCRIPTION: The Bouncy Castle Crypto Package For Java could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the RSA decrypti...