RHSA-2017:2908 Red Hat Security Advisory: rh-nodejs6-nodejs security update
Bulletin has no description...
RHSA-2017:2913 Red Hat Security Advisory: rh-nodejs6-nodejs-tough-cookie security update
Bulletin has no description...
RHSA-2016:1582 Red Hat Security Advisory: nodejs010-nodejs-minimatch security update
Bulletin has no description...
RHSA-2013:1842 Red Hat Security Advisory: nodejs010-nodejs security update
Bulletin has no description...
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero...
AZL-49155 CVE-2024-43800 affecting package nodejs-nodemon 2.0.3-5
serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect, which may execute untrusted code. This issue is patched in serve-static 1.16.0...
AZL-49094 CVE-2024-43800 affecting package nodejs-nodemon 2.0.3-4
serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect, which may execute untrusted code. This issue is patched in serve-static 1.16.0...
AZL-49164 CVE-2024-43799 affecting package nodejs-nodemon 2.0.3-5
Send is a library for streaming files from the file system as an HTTP response. Send passes untrusted user input to SendStream.redirect which executes untrusted code. This issue is patched in send 0.19.0...
Fedora: Security Advisory (FEDORA-2024-ad51aa23c3)
The remote host is missing an update for the...
AZL-49085 CVE-2024-45296 affecting package nodejs-nodemon 2.0.3-4
path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event...
CVE-2023-30582 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2023-30584 vulnerabilities
Vulnerabilities for packages: nodejs...
AZL-48849 CVE-2024-36137 affecting package nodejs 20.14.0-13
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors; however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to...
CVE-2023-30587 vulnerabilities
Vulnerabilities for packages: nodejs...
UBUNTU-CVE-2024-36137
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors; however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to...
Oracle Linux 9 : nodejs:18 (ELSA-2024-6147)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6147 advisory. nodejs 1:18.20.4-1 - Update to 18.20.4 Fixes: CVE-2024-22020 CVE-2024-28863 nodejs-nodemon nodejs-packaging Tenable has extracted the preceding...
Oracle Linux 8 : nodejs:18 (ELSA-2024-6148)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6148 advisory. nodejs 1:18.20.4-1 - Update to 18.20.4 Fixes: CVE-2024-22020 CVE-2024-28863 nodejs-nodemon nodejs-packaging Tenable has extracted the preceding...