4346 matches found
CVE-2021-3805
A flaw was found in the object-path nodejs library when the del function is called to validate object properties. An attacker can manipulate or alter the prototype of an object causing the modification of default properties on all objects. This could lead into a service disruption or a denial of...
GHSA-977X-G7H5-7QGW Elliptic's ECDSA missing check for whether leading bit of r and s is zero
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero...
DEBIAN-CVE-2024-42460
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a missing check for whether the leading bit of r and s is zero...
DEBIAN-CVE-2024-42461
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...
PT-2024-29957 · Npm +1 · Elliptic +1
Name of the Vulnerable Software and Affected Versions: Elliptic package version 6.5.6 Description: ECDSA signature malleability occurs in the Elliptic package because BER-encoded signatures are allowed. This issue affects the Elliptic package for Node.js. Recommendations: For Elliptic package...
Security Bulletin: Vulnerability in nodejs decode-uri-component affect Cloud Pak System[CVE-2022-38900]
Summary Vulnerability in nodejs decode-uri-component affect Cloud Pak SystemCVE-2022-38900. Cloud Pak System has addressed this vulnerability. Vulnerability Details CVEID:CVE-2022-38900 DESCRIPTION: decode-uri-component is vulnerable to a denial of service, caused by improper input validation by...
Security Bulletin: Vulnerability in nodejs moment.js affect Cloud Pak System [CVE-2022-24785]
Summary Vulnerability in nodejs moment.js affect Cloud Pak System. Vulnerability Details CVEID:CVE-2022-24785 DESCRIPTION: Moment.js could allow a remote attacker to traverse directories on the system, caused by improper validation of user supplied input. An attacker could send a specially-crafte...
Exploit for CVE-2024-39700
CVE-2024-39700 Proof of Concept Repositories created using th...
Important: Red Hat Security Advisory: nodejs:18 security update
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
nodejs: CONTINUATION frames DoS
A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which...
Malicious code in health-check-nodejs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ef9d93b4469df4d458d4c4a226b45fa7baf7760a84cd3d8b5fc84fb990e0e6ba The OpenSSF Package Analysis project identified 'health-check-nodejs' @ 3.16.1 npm as malicious. It is considered malicious because: - The packa...
MAL-2024-7836 Malicious code in health-check-nodejs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ef9d93b4469df4d458d4c4a226b45fa7baf7760a84cd3d8b5fc84fb990e0e6ba The OpenSSF Package Analysis project identified 'health-check-nodejs' @ 3.16.1 npm as malicious. It is considered malicious because: - The packa...
Photon OS 5.0: Nodejs PHSA-2023-5.0-0041
An update of the nodejs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-5.0-0041. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Photon OS 3.0: Nodejs PHSA-2022-3.0-0504
An update of the nodejs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-3.0-0504. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Photon OS 4.0: Nodejs PHSA-2024-4.0-0636
An update of the nodejs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0636. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Photon OS 4.0: Nodejs PHSA-2023-4.0-0417
An update of the nodejs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-4.0-0417. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Photon OS 3.0: Nodejs PHSA-2024-3.0-0738
An update of the nodejs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-3.0-0738. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Photon OS 3.0: Nodejs PHSA-2022-3.0-0426
An update of the nodejs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-3.0-0426. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Photon OS 4.0: Nodejs PHSA-2024-4.0-0653
An update of the nodejs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0653. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Photon OS 3.0: Nodejs PHSA-2022-3.0-0375
An update of the nodejs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-3.0-0375. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...