GHSA-F9JC-68CV-WP63 vulnerabilities

Vulnerabilities for packages: nodejs...

RockyLinux 8 : nodejs:22 (RLSA-2025:1611)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:1611 advisory. undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel CVE-2025-23083 nodejs:...

RockyLinux 9 : nodejs:22 (RLSA-2025:1613)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:1613 advisory. undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel CVE-2025-23083 nodejs:...

RockyLinux 8 : nodejs:18 (RLSA-2025:1582)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:1582 advisory. undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap CVE-2025-23085 Tenable has...

GHSA-C595-V5XP-GV8W vulnerabilities

Vulnerabilities for packages: nodejs...

GHSA-JPGC-8HRM-HVWJ vulnerabilities

Vulnerabilities for packages: nodejs...

GHSA-C595-V5XP-GV8W vulnerabilities

Vulnerabilities for packages: nodejs...

GHSA-9XVM-XMW3-2HM2 vulnerabilities

Vulnerabilities for packages: nodejs, kibana...

AlmaLinux 8 : nodejs:18 (ALSA-2025:1582)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:1582 advisory. undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap CVE-2025-23085 Tenable has...

RHEL 8 : nodejs:22 (RHSA-2025:1611)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:1611 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

RockyLinux 9 : nodejs:18 (RLSA-2025:1446)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:1446 advisory. undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap CVE-2025-23085 Tenable has...

Oracle Linux 9 : nodejs:18 (ELSA-2025-1446)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-1446 advisory. - Update to version 18.20.6 Resolves: RHEL-76801 Fixes: CVE-2025-23085 Tenable has extracted the preceding description block directly from the Oracle...

Fedora 37 : nodejs (2022-1667f7b60a)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-1667f7b60a advisory. November 2022 Security Updates https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/ ---- Update to 18.10.0...

RHEL 8 : nodejs:18 (RHSA-2024:6148)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6148 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

USN-6380-1 nodejs vulnerabilities

Rogier Schouten discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu...

Vulnerabilities fixed in Node.js

Vulnerabilities have been fixed in Node.js. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service DoS. Manipulation of data Circumvention of security measure Increased user privileges Node.js has released updates...

Important: nodejs

Issue Overview: An HTTP Request Smuggling HRS vulnerability was found in the llhttp library, used by Node.JS. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations are being proxied such as proxy, reverse-proxy, load-balancer, an attacker can use this...

Vulnerabilities fixed in node.js

Vulnerabilities have been fixed in node.js 12, 14 and 16. Due to a flaw in certificate handling, a remote malicious party could remotely could potentially manipulate traffic to an application running on node.js manipulate traffic to gain access to sensitive data. -= Fedora =- Fedora has made...

SUSE-SU-2021:3184-1 Security update for nodejs14

This update for nodejs14 fixes the following issues: - CVE-2021-3672: Fixed missing input validation on hostnames bsc1188881. - CVE-2021-22931: Fixed improper handling of untypical characters in domain names bsc1189370. - CVE-2021-22940: Use after free on close http2 on stream canceling bsc118936...

RHEL 8 : RHV Manager (ovirt-engine) security update [ovirt-4.4.7] (Moderate) (RHSA-2021:2865)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2865 advisory. The ovirt-engine package provides the manager for virtualization environments. This manager enables admins to define hosts and networks, as...