SUSE SLES12 Security Update : nodejs18 (SUSE-SU-2023:4132-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4132-1 advisory. - When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the...

SUSE SLES15 Security Update : nodejs18 (SUSE-SU-2023:4133-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4133-1 advisory. - When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the...

AZL-31614 CVE-2023-38552 affecting package nodejs18 for versions less than 18.18.2-2

When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all user...

CBL Mariner 2.0 Security Update: edk2 / hvloader / nodejs18 / openssl (CVE-2023-0464)

The version of edk2 / hvloader / nodejs18 / openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-0464 advisory. - A security vulnerability has been identified in all supported versions of OpenS...

CVE-2023-32067 affecting package nodejs18 for versions less than 18.17.1-2

CVE-2023-32067 affecting package nodejs18 for versions less than 18.17.1-2. An upgraded version of the package is available that resolves this issue...

CVE-2023-31147 affecting package nodejs18 for versions less than 18.17.1-2

CVE-2023-31147 affecting package nodejs18 for versions less than 18.17.1-2. An upgraded version of the package is available that resolves this issue...

CVE-2023-32559 affecting package nodejs18 for versions less than 18.17.1-2

CVE-2023-32559 affecting package nodejs18 for versions less than 18.17.1-2. An upgraded version of the package is available that resolves this issue...

CVE-2023-32002 affecting package nodejs18 for versions less than 18.17.1-2

CVE-2023-32002 affecting package nodejs18 for versions less than 18.17.1-2. An upgraded version of the package is available that resolves this issue...

CVE-2023-31130 affecting package nodejs18 for versions less than 18.17.1-2

CVE-2023-31130 affecting package nodejs18 for versions less than 18.17.1-2. An upgraded version of the package is available that resolves this issue...

CVE-2023-30589 affecting package nodejs18 for versions less than 18.17.1-2

CVE-2023-30589 affecting package nodejs18 for versions less than 18.17.1-2. An upgraded version of the package is available that resolves this issue...

CVE-2023-32006 affecting package nodejs18 for versions less than 18.17.1-2

CVE-2023-32006 affecting package nodejs18 for versions less than 18.17.1-2. An upgraded version of the package is available that resolves this issue...

CVE-2023-35945 affecting package nodejs18 for versions less than 18.17.1-2

CVE-2023-35945 affecting package nodejs18 for versions less than 18.17.1-2. A patched version of the package is available...

SUSE-SU-2023:3378-1 Security update for nodejs18

This update for nodejs18 fixes the following issues: Update to LTS version 18.17.1. - CVE-2023-32002: Fixed permissions policies bypass via Module.load bsc1214150. - CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire bsc1214156. - CVE-2023-32559: Fixed...

AZL-27942 CVE-2023-32002 affecting package nodejs18 for versions less than 18.17.1-2

The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CV...

Fedora: Security Advisory for nodejs18 (FEDORA-2023-18476abd7e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES12 Security Update : nodejs18 (SUSE-SU-2023:3356-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3356-1 advisory. - https://nodejs.org/en/blog/vulnerability/august-2023-security-releases Security releases available Updates are now available for...

SUSE-SU-2023:3356-1 Security update for nodejs18

This update for nodejs18 fixes the following issues: Update to LTS version 18.17.1 security fixes: - CVE-2023-32002: Fixed permissions policies bypass via Module.load bsc1214150. - CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire bsc1214156. -...

Fedora: Security Advisory for nodejs18 (FEDORA-2023-d12a917ab4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-25883 affecting package nodejs18 for versions less than 18.16.0-3

CVE-2022-25883 affecting package nodejs18 for versions less than 18.16.0-3. A patched version of the package is available...

Fedora: Security Advisory for nodejs18 (FEDORA-2023-cdddce304a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...