OPENSUSE-SU-2024:13855-1 nodejs-electron-28.2.10-3.1 on GA media
These are all security issues fixed in the nodejs-electron-28.2.10-3.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12334-1 nodejs-electron-19.0.17-1.1 on GA media
These are all security issues fixed in the nodejs-electron-19.0.17-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13600-1 nodejs-electron-27.2.3-1.1 on GA media
These are all security issues fixed in the nodejs-electron-27.2.3-1.1 package on the GA media of openSUSE Tumbleweed...
RLSA-2024:2910 Important: nodejs security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: CONTINUATION frames DoS CVE-2024-27983 nodejs: using the fetch function to retrieve content from an untrusted URL leads to denial of servi...
nodejs security update
An update is available for nodejs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Node.js is a software development platform for building fast and scalable...
Rocky Linux 9 : nodejs (RLSA-2024:2910)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2910 advisory. nodejs: CONTINUATION frames DoS CVE-2024-27983 nodejs: using the fetch function to retrieve content from an untrusted URL leads to denial of service...
Rocky Linux 9 : nodejs:20 (RLSA-2024:2853)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2853 advisory. c-ares: Out of bounds read in aresreadline CVE-2024-25629 nghttp2: CONTINUATION frames DoS CVE-2024-28182 nodejs: using the fetch function to retrieve...
@pnp/nodejs (>=4.0.0 <=4.1.1-v4nightly.20240617), insomnia-plugin-azure-ad-authentication (=1.1.2) potentially affected by CVE-2024-35255 via @azure/msal-node (>=2.7.0 <=2.9.1)
@azure/msal-node NPM version =2.7.0, =4.0.0, =4.1.1-v4nightly.20240617 - insomnia-plugin-azure-ad-authentication =1.1.2 Source cves: CVE-2024-35255 Source advisory: OSV:GHSA-M5VV-6R4H-3VJ9...
nodejs-ip: arbitrary code execution via the isPublic() function
A vulnerability was found in the NPM IP Package. This flaw allows an attacker to perform arbitrary code execution and obtain sensitive information via the isPublic function by inducing a Server-Side Request Forgery SSRF attack and obtaining access to normally inaccessible resources...
Important: Red Hat Security Advisory: HawtIO 4.0.0 for Red Hat build of Apache Camel 4 Release and security update.
HawtIO 4.0.0 for Red Hat build of Apache Camel 4 GA Release is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product Security has rated this update ...
RHEL 6 : nodejs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-semver: Regular expression denial of service CVE-2022-25883 Note that Nessus has not tested for this issue b...
RHEL 8 : nodejs-http-signature (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-http-signature: HTTP header forgery CVE-2017-16005 Note that Nessus has not tested for this issue but has...
RHEL 8 : kibana (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs-set-value: prototype pollution in function set-value CVE-2019-10747 - mixin-deep is vulnerable to...
RHEL 9 : got (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets CVE-2022-33987 Note that Nessus...
RHEL 8 : cockpit-ovirt (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-glob-parent: Regular expression denial of service CVE-2020-28469 Note that Nessus has not tested for this...
RHEL 8 : 14_nodejs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs: DiffieHellman do not generate keys after setting a private key CVE-2023-30590 - The use of proto ...
RHEL 7 : kiali (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-axios: Regular expression denial of service in trim function CVE-2021-3749 Note that Nessus has not tested f...
RHEL 8 : 10_nodejs-nodemon (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-deep-extend: Prototype pollution can allow attackers to modify object properties CVE-2018-3750 Note that...
RHEL 9 : nodejs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-semver: Regular expression denial of service CVE-2022-25883 Note that Nessus has not tested for this issue b...
The vulnerability in the Node.js software platform arises from incorrect restriction of path names to directories with restricted access. It allows attackers to bypass these path restrictions.
The vulnerability of the Node.js software platform is related to incorrect restrictions on path names for directories with restricted access. Exploiting this vulnerability can allow an attacker to execute attacks by bypassing the path restrictions...