Important: nodejs:18 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18. BZ2234409 Security Fixes: nodejs: Permissions policies can be bypassed via...

AlmaLinux 8 : nodejs:18 (ALSA-2023:5362)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5362 advisory. nodejs: Permissions policies can be bypassed via Module.load CVE-2023-32002 nodejs-semver: Regular expression denial of service CVE-2022-25883 nodejs:...

RHEL 8 : nodejs:18 (RHSA-2023:5362)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5362 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

Mageia: Security Advisory (MGASA-2023-0264)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2023-0264 Updated nodejs packages fix security vulnerability

This is a security release. As well, it fixes v8 headers detection mga28809 The following CVEs are fixed in this release: CVE-2023-32002: Policies can be bypassed via Module.load High CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire Medium CVE-2023-32559: Policies can ...

Updated nodejs packages fix security vulnerability

This is a security release. As well, it fixes v8 headers detection mga28809 The following CVEs are fixed in this release: CVE-2023-32002: Policies can be bypassed via Module.load High CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire Medium CVE-2023-32559: Policies can ...

K000136924: Node.JS vulnerabilities CVE-2018-7158, CVE-2018-7164, and CVE-2018-7166

Security Advisory Description CVE-2018-7158 The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service ReDoS vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The...

USN-6380-1 nodejs vulnerabilities

Rogier Schouten discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu...

CVE-2023-32558 vulnerabilities

Vulnerabilities for packages: nodejs...

CVE-2023-32558 vulnerabilities

Vulnerabilities for packages: nodejs...

Security Bulletin: Due to use of NodeJS, IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to multiple security vulnerabilities.

Summary NodeJS is used by multiple components of IBM Cloud Pak for Multicloud Management Monitoring as a runtime environment Vulnerability Details CVEID:CVE-2022-32212 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary code on the system, caused by the failure to properly che...

OESA-2023-1551 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

Critical Photon OS Security Update - PHSA-2023-3.0-0642

Updates of 'open-vm-tools', 'nodejs' packages of Photon OS have been released...

RLSA-2023:4034 Important: nodejs:16 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: 0-byte UDP payload Denial of Service CVE-2023-32067 c-ares: Buffer Underwrite in aresinetnetpton CVE-2023-31130 c-ares: Insufficient...

Critical Photon OS Security Update - PHSA-2023-5.0-0082

Updates of 'binutils', 'nodejs' packages of Photon OS have been released...

The vulnerability of the process.binding() module in the Node.js software platform allows attackers to circumvent existing security restrictions.

The vulnerability of the process.binding module in the Node.js software platform is related to deficiencies in access control. Exploiting this vulnerability allows an attacker to bypass existing security restrictions remotely...

SUSE-SU-2023:3455-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: - CVE-2023-23918: Fixed permissions policies bypass via process.mainModule bsc1208481. - CVE-2023-32002: Fixed permissions policies bypass via Module.load bsc1214150. - CVE-2023-32006: Fixed permissions policies impersonation using...

Privilege Escalation

nodejs is vulnerable to Privilege Escalation. This vulnerability exists due to a flaw in the way the process.binding API can be used to bypass the policy mechanism. An attacker can exploit this vulnerability to gain elevated privileges...

nodejs bug fix update

An update is available for nodejs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a software development platform for building fast and scalable...

CVE-2023-32559 vulnerabilities

Vulnerabilities for packages: nodejs...