MAL-2023-8419 Malicious code in ironfish-rust-nodejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7c72ce118b54d6f7c389cffe8b206419fdb96d698e61557ce25e5240a5ca6c38 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Ubuntu: Security Advisory (USN-6457-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mailchecker - Cross-language Temporary (Disposable/Throwaway) Email Detection Library. Covers 55 734+ Fake Email Providers

Cross-language email validation. Backed by a database of over 55 000 throwable email domains. Validate the format of your email uses validator.js email regex underneath and FILTERVALIDATEEMAIL for PHP Validate if the email is not a temporary mail yopmail-like..., add your own dataset to list.txt...

Tenable Identity Exposure < 3.42.17 Multiple Vulnerabilities (TNS-2023-33)

According to its self-reported version, the Tenable Identity Exposure running on the remote host is prior to 3.42.17. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-33 advisory. Tenable Identity Exposure leverages third-party software to help provide underlyi...

SUSE-SU-2023:4207-1 Security update for nodejs18

This update for nodejs18 fixes the following issues: - Update to version 18.18.2 - CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. bsc1216190 - CVE-2023-45143: Fixed a cookie leakage in undici. bsc1216205 - CVE-2023-38552: Fixed an integrity checks according to policies that could be...

Rocky Linux 9 : nodejs (RLSA-2023:5765)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:5765 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wil...

Rocky Linux 8 : nodejs:16 (RLSA-2023:5850)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:5850 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wil...

[R1] Tenable Identity Exposure Version 3.42.17 Fixes Multiple Vulnerabilities

R1 Tenable Identity Exposure Version 3.42.17 Fixes Multiple Vulnerabilities Jason Schavel Mon, 10/23/2023 - 11:51 Tenable Identity Exposure leverages third-party software to help provide underlying functionality. Several of the third-party components RabbitMQ, libcurl, and nodeJS were found to...

When the Node.js policy feature checks the integrity of a resource against a trusted manifest the application can intercept the operation and return a forged checksum to the node's policy implementation thus effectively disabling the integrity check. Impacts: This vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and 20.x. Please note that at the time this CVE was issued the policy mechanism is an experimental feature of Node.js.

...

Mageia: Security Advisory (MGASA-2023-0299)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

nodejs:18 security update

nodejs 1:18.18.2-1 - Rebase to version 18.18.2 Resolves: CVE-2023-44487 CVE-2023-45143 CVE-2023-38552 CVE-2023-39333 nodejs-nodemon nodejs-packaging...

Oracle Linux 8 : nodejs:16 (ELSA-2023-5850)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5850 advisory. - Update nghttp2 to 1.57.0 Resolves: CVE-2023-44487 nodejs-nodemon nodejs-packaging Tenable has extracted the preceding description block directly from the Orac...

MGASA-2023-0299 Updated nodejs packages fix security vulnerabilities

This is a security release. The following CVEs are fixed in this release: CVE-2023-44487: nghttp2 Security Release High CVE-2023-45143: undici Security Release High CVE-2023-38552: Integrity checks according to policies can be circumvented Medium CVE-2023-39333: Code injection via WebAssembly...

Updated nodejs packages fix security vulnerabilities

This is a security release. The following CVEs are fixed in this release: CVE-2023-44487: nghttp2 Security Release High CVE-2023-45143: undici Security Release High CVE-2023-38552: Integrity checks according to policies can be circumvented Medium CVE-2023-39333: Code injection via WebAssembly...

nodejs security update

1:16.20.2-3.0.1 - Update nghttp2 to 1.57.0 Resolves: CVE-2023-44487...

nodejs:16 security update

nodejs 1:16.20.2-3.0.1 - Update nghttp2 to 1.57.0 Resolves: CVE-2023-44487 nodejs-nodemon nodejs-packaging 26-1 - nodejs.prov: find namespaced bundled dependencies - Apply https://src.fedoraproject.org/rpms/nodejs-packaging/c/e24e7df...

Oracle Linux 9 : nodejs (ELSA-2023-5765)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-5765 advisory. 1:16.20.2-3.0.1 - Update nghttp2 to 1.57.0 Resolves: CVE-2023-44487 Tenable has extracted the preceding description block directly from the Oracle Linux securit...

SUSE-SU-2023:4133-1 Security update for nodejs18

This update for nodejs18 fixes the following issues: - Update to version 18.18.2 - CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. bsc1216190 - CVE-2023-45143: Fixed a cookie leakage in undici. bsc1216205 - CVE-2023-38552: Fixed an integrity checks according to policies that could be...

SUSE-SU-2023:4132-1 Security update for nodejs18

This update for nodejs18 fixes the following issues: - Update to version 18.18.2 - CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. bsc1216190 - CVE-2023-45143: Fixed a cookie leakage in undici. bsc1216205 - CVE-2023-38552: Fixed an integrity checks according to policies that could be...

Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2023-391)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-391 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...