7925 matches found

RedhatCVE
added 2024/03/21 12:28 a.m. | 45 views

CVE-2024-22025

A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch function to retrieve content from an untrusted URL. The vulnerability stems from the fetch function in Node.js that always decodes Brotli, making it possible for an attacker to caus...

6.5 CVSS | 5.2 AI score | 0.00636 EPSS
Exploits: 0 | References: 3

Amazon
added 2024/03/21 12:0 a.m. | 4 views

Medium: nodejs

Issue Overview: NOTE: https://nodejs.org/en/blog/release/v18.19.1 NOTE: https://github.com/nodejs/node/commit/f31d47e135973746c4f490d5eb635eded8bb3dda v18.x NOTE: https://github.com/nodejs/node/commit/9052ef43dc2d1b0db340591a9bc9e45a25c01d90 main CVE-2024-22025 Undici is an HTTP/1.1 client, writt...

6.5 CVSS | 5.9 AI score | 0.00636 EPSS
Exploits: 0

Tenable Nessus
added 2024/03/21 12:0 a.m. | 52 views

AlmaLinux 8 : nodejs:16 (ALSA-2024:1444)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1444 advisory. nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks CVE-2024-22019 nodejs: HTTP/2: Multiple HTTP/2 enabled web...

7.5 CVSS | 7.2 AI score | 0.9439 EPSS
Exploits: 19 | References: 3

Amazon
added 2024/03/21 12:0 a.m. | 3 views

Important: nodejs

Issue Overview: A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if they have been set by an unprivileged user while the process is running with elevated privileges, with the exception of CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception,...

7.8 CVSS | 9.5 AI score | 0.00448 EPSS
Exploits: 0

Tenable Nessus
added 2024/03/21 12:0 a.m. | 31 views

AlmaLinux 9 : nodejs (ALSA-2024:1438)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1438 advisory. - A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and...

7.5 CVSS | 7 AI score | 0.0038 EPSS
Exploits: 0 | References: 2

Oracle Linux
added 2024/03/21 12:0 a.m. | 34 views

nodejs security update

1:16.20.2-4.0.1 - reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks Resolves: CVE-2024-22019...

7.5 CVSS | 7.4 AI score | 0.0038 EPSS
Exploits: 0

Oracle Linux
added 2024/03/21 12:0 a.m. | 50 views

nodejs:16 security update

nodejs 1:16.20.2-4.0.1 - reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks Resolves: CVE-2024-22019 nodejs-nodemon nodejs-packaging 26-1 - nodejs.prov: find namespaced bundled dependencies - Apply https://src.fedoraproject.org/rpms/nodejs-packaging/c/e24e7df...

7.5 CVSS | 7.4 AI score | 0.9439 EPSS
Exploits: 19

Tenable Nessus
added 2024/03/21 12:0 a.m. | 48 views

Oracle Linux 9 : nodejs (ELSA-2024-1438)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1438 advisory. 1:16.20.2-4.0.1 - reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks Resolves: CVE-2024-22019 Tenable has extracted the precedin...

7.5 CVSS | 7.1 AI score | 0.0038 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2024/03/21 12:0 a.m. | 37 views

Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2024-569)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-569 advisory. A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if they have been set by an unprivileged user while the process is running with elevated privileges, with th...

7.8 CVSS | 7 AI score | 0.00448 EPSS
Exploits: 0 | References: 6

Tenable Nessus
added 2024/03/21 12:0 a.m. | 37 views

Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2024-568)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-568 advisory. NOTE: https://nodejs.org/en/blog/release/v18.19.1 NOTE: https://github.com/nodejs/node/commit/f31d47e135973746c4f490d5eb635eded8bb3dda v18.x NOTE:...

6.5 CVSS | 6.8 AI score | 0.00636 EPSS
Exploits: 0 | References: 8

RedHat Linux
added 2024/03/20 10:5 a.m. | 43 views

Important: Red Hat Security Advisory: nodejs security update

An update for nodejs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5 CVSS | 6.9 AI score | 0.0038 EPSS
Exploits: 0 | References: 2

OSV
added 2024/03/20 12:0 a.m. | 26 views

ALSA-2024:1438 Important: nodejs security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks CVE-2024-22019 For more details about the security...

7.5 CVSS | 7.6 AI score | 0.0038 EPSS
Exploits: 0 | References: 4

AlmaLinux
added 2024/03/20 12:0 a.m. | 44 views

Important: nodejs:16 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks CVE-2024-22019 nodejs: HTTP/2: Multiple HTTP/2 enabled...

7.5 CVSS | 7.3 AI score | 0.9439 EPSS
Exploits: 19 | References: 6

Tenable Nessus
added 2024/03/20 12:0 a.m. | 28 views

RHEL 9 : nodejs (RHSA-2024:1438)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1438 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes...

7.5 CVSS | 7.1 AI score | 0.0038 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2024/03/20 12:0 a.m. | 45 views

RHEL 8 : nodejs:16 (RHSA-2024:1444)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1444 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

7.5 CVSS | 7.3 AI score | 0.9439 EPSS
Exploits: 19 | References: 7

AlmaLinux
added 2024/03/20 12:0 a.m. | 41 views

Important: nodejs security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks CVE-2024-22019 For more details about the security...

7.5 CVSS | 7.2 AI score | 0.0038 EPSS
Exploits: 0 | References: 4

IBM Security Bulletins
added 2024/03/19 8:32 p.m. | 64 views

Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.15 and earlier

Summary This fix upgrades to Node.js 18.19.1. Node.js is used by all IBM Answer Retrieval for Watson Discovery user interfaces. There are two categories of vulnerabilities addressed. The first allows remote attackers to gain access to the system, bypassing security restrictions. The second makes...

9.8 CVSS | 8 AI score | 0.01642 EPSS
Exploits: 0 | Affected Software: 1

NVD
added 2024/03/19 7:15 p.m. | 11 views

CVE-2024-29027

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulatio...

9 CVSS | 9.4 AI score | 0.01895 EPSS
Exploits: 0 | References: 5

Vulnrichment
added 2024/03/19 6:57 p.m. | 8 views

CVE-2024-29027 Parse Server crash and RCE via invalid Cloud Function or Cloud Job name

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulatio...

9 CVSS | 7.5 AI score | 0.01895 EPSS
Exploits: 0 | References: 5

CVE
added 2024/03/19 6:57 p.m. | 69 views

CVE-2024-29027

Parse Server vulnerability CVE-2024-29027 affects versions prior to 6.5.5 and 7.0.0-alpha.29, where calling an invalid Cloud Function name or Cloud Job name can crash the server and may allow code injection, internal store manipulation, or remote code execution. The fix was implemented in 6.5.5 a...

9 CVSS | 9.3 AI score | 0.01895 EPSS
Exploits: 0 | References: 5 | Affected Software: 1