233 matches found

OSSF Malicious Packages
added 2024/11/26 5:29 a.m., 2 views

Malicious code in config-sdk-nodejs (npm)

Source: ghsa-malware (e981c5877747825868f3fa52c139feb2dc49785d34e735556a425dcaf00c2802). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0, References: 3

OSSF Malicious Packages
added 2024/10/16 1:3 p.m., 3 views

Malicious code in middleware-sdk-sqs (npm)


AI score 7
Exploits: 0

SUSE CVE
added 2024/10/12 2:48 a.m., 1 view

SUSE CVE-2024-48949

The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation...

CVSS 8.2, AI score 9.5, EPSS 0.00292
Exploits: 0, References: 7

Tenable Nessus
added 2024/09/05 12:0 a.m., 26 views

Oracle Linux 8 : nodejs:18 (ELSA-2024-6148)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6148 advisory. nodejs 1:18.20.4-1 - Update to 18.20.4 Fixes: CVE-2024-22020 CVE-2024-28863 nodejs-nodemon nodejs-packaging Tenable has extracted the preceding...

CVSS 6.5, AI score 6.6, EPSS 0.00663
Exploits: 1, References: 3

OSV
added 2024/08/02 9:31 a.m., 0 views

GHSA-977X-G7H5-7QGW Elliptic's ECDSA missing check for whether leading bit of r and s is zero

In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero...

CVSS 6.9, AI score 6.8, EPSS 0.00241
Exploits: 1, References: 6

Tenable Nessus
added 2024/07/24 12:0 a.m., 19 views

Photon OS 5.0: Nodejs PHSA-2023-5.0-0041

An update of the nodejs package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-5.0-0041. The text itself is copyright © VMware, Inc....

CVSS 7.5, AI score 7.2, EPSS 0.91789
Exploits: 1, References: 11

OSSF Malicious Packages
added 2024/07/23 10:18 a.m., 2 views

Malicious code in appds-nodejs-utils (npm)

Source: ossf-package-analysis (f1ac973f28037939ed23e341eacd9fcc006c3709075045f2d51232131c111977). The OpenSSF Package Analysis project identified 'appds-nodejs-utils' @ 0.2.0 (npm) as malicious. It is considered malicious because: - The package...

AI score 6.9
Exploits: 0

CBLMariner
added 2024/06/21 9:32 a.m., 16 views

CVE-2024-21891 affecting package nodejs for versions less than 20.14.0-1

CVE-2024-21891 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this issue...

CVSS 8.8, AI score 6.9, EPSS 0.00235
Exploits: 0

OSV
added 2024/06/15 12:0 a.m., 7 views

OPENSUSE-SU-2024:10247-1 nodejs4-4.7.0-1.1 on GA media

These are all security issues fixed in the nodejs4-4.7.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 9.8, AI score 7.1, EPSS 0.40993
Exploits: 8, References: 9

OSV
added 2024/06/02 10:29 p.m., 1 view

GHSA-2P57-RM9W-GVFP ip SSRF improper categorization in isPublic

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1 are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282...

CVSS 8.1, AI score 6.8, EPSS 0.8434
Exploits: 0, References: 6

OSV
added 2024/05/06 3:15 p.m., 1 view

AZL-40420 CVE-2024-34064 affecting package nodejs for versions less than 20.14.0-1

Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as...

CVSS 5.4, AI score 6.6, EPSS 0.0123
Exploits: 0, References: 1

OSV
added 2024/02/16 10:15 p.m., 1 view

AZL-35045 CVE-2024-24758 affecting package nodejs for versions less than 20.14.0-1

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear Proxy-Authentication headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known...

CVSS 4.5, AI score 6.7, EPSS 0.00278
Exploits: 0, References: 1

OSV
added 2024/02/08 5:15 p.m., 3 views

AZL-34379 CVE-2023-42282 affecting package nodejs for versions less than 16.20.2-3

The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses such as 0x7f.1 are improperly categorized as globally routable via isPublic...

CVSS 9.8, AI score 6.8, EPSS 0.00652
Exploits: 1, References: 1

CNNVD
added 2023/11/23 12:0 a.m., 1 view

node-openssl Security Vulnerabilities

node-openssl is the openssl package for nodejs. A security vulnerability exists in node-openssl version 2.0.0 and earlier, which stems from a security flaw in the opts parameter...

CVSS 9.8, AI score 6.8, EPSS 0.00458
Exploits: 1, References: 3

OpenVAS
added 2023/11/22 12:0 a.m., 27 views

Ubuntu: Security Advisory (USN-6491-1)

The remote host is missing an update for the... Some text descriptions might be excerpted from referenced sources, and are copyright © by the respective right holders...

CVSS 8.1, AI score 7.9, EPSS 0.86472
Exploits: 4, References: 2

CBLMariner
added 2023/08/15 4:37 p.m., 27 views

CVE-2023-23920 affecting package nodejs 14.21.1-3

CVE-2023-23920 affecting package nodejs 14.21.1-3. An upgraded version of the package is available that resolves this issue...

CVSS 4.2, AI score 9.1, EPSS 0.00082
Exploits: 0

OSSF Malicious Packages
added 2023/08/09 2:45 a.m., 3 views

Malicious code in wasabi-nodejs (npm)

Source: ghsa-malware (d1a47529c7afca95337513fc02161d3429f5b5e4fa1ff3f80484688148b152ec). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0, References: 1

Tenable Nessus
added 2023/07/31 12:0 a.m., 24 views

RHEL 9 : nodejs:18 (RHSA-2023:4330)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4330 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

CVSS 7.5, AI score 6.9, EPSS 0.01916
Exploits: 1, References: 12

SUSE CVE
added 2023/02/15 5:10 a.m., 1 view

SUSE CVE-2015-8859

The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors...

CVSS 5.3, AI score 7.9, EPSS 0.00603
Exploits: 0, References: 3

CBLMariner
added 2022/12/27 5:55 p.m., 20 views

CVE-2022-43548 affecting package nodejs 14.20.1-2

CVE-2022-43548 affecting package nodejs 14.20.1-2. An upgraded version of the package is available that resolves this issue...

CVSS 8.1, AI score 9.9, EPSS 0.00565
Exploits: 0