Oracle Linux 8 : nodejs:14 (ELSA-2022-7830)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7830 advisory. - Record issues fixed in the current version Resolves: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824 Resolves: CVE-2022-0235 - Rebase to...

Malicious Package

Overview @moonactive-innersource/ins-profiles-service-sdk-nodejs is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore,...

Malicious code in google-auth-library-nodejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cba35f5d5ad2abbe0f380ecedf252a58857f3f01eb94ccd979f4ebcb752adef7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview performance-quality-models-nodejs is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable...

js-ini 安全漏洞

js-ini is a Node.js package for encoding/decoding ini-like strings from the Russian individual developer Denis. A security vulnerability exists in versions of js-ini prior to 1.3.0 that stems from the package's susceptibility to prototype contamination, which can be exploited by an attacker to...

Malicious code in nodejs-docs-samples-iot-mqtt-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a02c1e75441fabe4bcc6557ef33ce2bba5bdb671f2147161ddf0d05a90809ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in myjohndeereapi-oauth2-nodejs-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e8e396af178eba7a59aaabef53f2a909b237f1fbb21b5735f93c3607d5f87421 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in clever-goals-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 99ef7811241a80a34b41104fa6b735b5fba548a07d98a391da3d4aac2e1203fc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in remote-pay-cloud-nodejs-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1c79c9016072594f69c2e51638411a976697aac06304e1d9a0ce7a430fe8d188 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in courier-plugin-sdk-nodejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 014002d316a160561d5ca8a30a271023a3de0d8d96de4c938aa0da0a1bdac3b7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Moderate: Red Hat Security Advisory: RHV Appliance (rhvm-appliance) security update [ovirt-4.5.0]

Updated RHV-M Appliance packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

CVE-2021-44532 affecting package nodejs for versions less than 16.14.0-1

CVE-2021-44532 affecting package nodejs for versions less than 16.14.0-1. An upgraded version of the package is available that resolves this issue...

CVE-2022-21824 affecting package nodejs for versions less than 16.14.0-1

CVE-2022-21824 affecting package nodejs for versions less than 16.14.0-1. An upgraded version of the package is available that resolves this issue...

nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes

A regular expression denial of service ReDoS vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes...

UBUNTU-CVE-2021-42740

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

CVE-2021-22939 affecting package nodejs 14.17.2-1

CVE-2021-22939 affecting package nodejs 14.17.2-1. An upgraded version of the package is available that resolves this issue...

CVE-2018-12122 affecting package nodejs 8.11.4-7

CVE-2018-12122 affecting package nodejs 8.11.4-7. An upgraded version of the package is available that resolves this issue...

CVE-2018-0734 affecting package nodejs 8.11.4-7

CVE-2018-0734 affecting package nodejs 8.11.4-7. An upgraded version of the package is available that resolves this issue...

CVE-2020-8174 affecting package nodejs 8.11.4-7

CVE-2020-8174 affecting package nodejs 8.11.4-7. An upgraded version of the package is available that resolves this issue...

Photon OS 4.0: Nodejs PHSA-2021-4.0-0074

An update of the nodejs package has been released. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-4.0-0074. The text itself is copyright C VMware, Inc...