Oracle Linux 8 : nodejs:16 (ELSA-2022-6964)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6964 advisory. - Resolves: CVE-2022-35255 CVE-2022-35256 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

RHEL 8 : nodejs:14 (RHSA-2022:6985)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6985 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

RHEL 9 : nodejs (RHSA-2022:6963)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6963 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

ALSA-2022:6963 Important: nodejs security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16.17.1. Security Fixes: nodejs: weak randomness in WebCrypto keygen CVE-2022-35255...

AZL-44451 CVE-2022-3517 affecting package nodejs-nodemon 2.0.3-5

A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service ReDoS when calling the braceExpand function with specific arguments, resulting in a Denial of Service...

nodejs: HTTP Request Smuggling due to incorrect parsing of header fields

A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the HTTP module in Node.js does not correctly handle header fields that are not terminated with CLRF. This issue may result in HTTP Request Smuggling. This flaw allows a remote attacker to send a...

nodejs:16 security update

An update is available for nodejs-nodemon, nodejs, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a software development platform f...

nodejs security update

16.17.1-1 - Rebase to version 16.17.1 Resolves: CVE-2022-35255 CVE-2022-35256...

Oracle Linux 9 : nodejs (ELSA-2022-6963)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6963 advisory. 16.17.1-1 - Rebase to version 16.17.1 Resolves: CVE-2022-35255 CVE-2022-35256 Tenable has extracted the preceding description block directly from the...

CentOS 8 : nodejs:16 (CESA-2022:6964)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2022:6964 advisory. - nodejs: weak randomness in WebCrypto keygen CVE-2022-35255 - nodejs: HTTP Request Smuggling due to incorrect parsing of header fields CVE-2022-35256...

ALSA-2022:6964 Important: nodejs:16 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16. Security Fixes: nodejs: weak randomness in WebCrypto keygen CVE-2022-35255 nodej...

RHEL 8 : nodejs:16 (RHSA-2022:6964)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6964 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

Robustel R1510 js_package install OS command injection vulnerability

Talos Vulnerability Report TALOS-2022-1577 Robustel R1510 jspackage install OS command injection vulnerability October 14, 2022 CVE Number CVE-2022-33150 SUMMARY An OS command injection vulnerability exists in the jspackage install functionality of Robustel R1510 3.1.16. A specially-crafted netwo...

Moderate Photon OS Security Update - PHSA-2022-4.0-0262

Updates of 'nodejs' packages of Photon OS have been released...

Critical Photon OS Security Update - PHSA-2022-0262

Updates of 'nodejs' packages of Photon OS have been released...

Malicious Package

Overview @moonactive-innersource/ins-profiles-service-sdk-nodejs is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore,...

AZL-38290 CVE-2022-37616 affecting package python-tensorboard for versions less than 2.16.2-1

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...

DEBIAN-CVE-2022-37616

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...

UBUNTU-CVE-2022-37616

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...

SUSE-SU-2022:3524-1 Security update for nodejs16

This update for nodejs16 fixes the following issues: Updated to version 16.17.1: - CVE-2022-32213: Fixed bypass via obs-fold mechanic bsc1201325. - CVE-2022-32215: Fixed incorrect Parsing of Multi-line Transfer-Encoding bsc1201327. - CVE-2022-35256: Fixed incorrect Parsing of Header Fields...