Vanetza 安全漏洞

Vanetza is an open source implementation of a suite of in-vehicle communication protocols by the individual developer Raphael Riebl. A security vulnerability exists in Vanetza v26.02, which stems from an OpenSSL exception in the GeoNetworking packet processing pipeline that is not correctly caugh...

Ubuntu: Security Advisory (USN-8076-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-8076-1 qtbase-opensource-src vulnerabilities

It was discovered that Qt did not correctly handle OpenSSL's error queue. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 20.04 LTS. CVE-2020-13962 It was discovered that Qt incorrectly handled certain XBM image files. If a user or...

MiracleLinux 9 : nodejs:18 (AXSA:2023-6072:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6072:01 advisory. glob-parent: Regular Expression Denial of Service CVE-2021-35065 c-ares: buffer overflow in configsortlist due to missing string length check...

RockyLinux 9 : nodejs:18 (RLSA-2023:2654)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2654 advisory. glob-parent: Regular Expression Denial of Service CVE-2021-35065 c-ares: buffer overflow in configsortlist due to missing string length check CVE-2022-49...

RLSA-2023:2654 Moderate: nodejs:18 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 18.14.2. Security Fixes: glob-parent: Regular Expression Denial of Service...

EUVD-2020-6136

Malware in sbrugna...

EUVD-2021-19335

Malware in sbrugna...

EUVD-2023-28001

Malicious code in bioql PyPI...

CVE-2025-5987

CVE-2025-5987 affects libssh when using ChaCha20 with OpenSSL. Root cause: OpenSSL error codes alias with SSH_OK, causing libssh to miss detection of an error during ChaCha20-Poly1305 key setup, potentially leading to a partially initialized cipher context and undefined behavior that can compromi...

BIT-NODE-MIN-2023-23919

A cryptographic vulnerability exists in Node.js 19.2.0, 18.14.1, 16.19.1, 14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread...

BIT-NODE-2023-23919

A cryptographic vulnerability exists in Node.js 19.2.0, 18.14.1, 16.19.1, 14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread...

Medium: nodejs

Issue Overview: In some cases Node.js did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service...

krb5 security, bug fix, and enhancement update

1.20.1-8.0.1 - Fixed race condition in krb5setpassword Orabug: 33609767 1.20.1-8 - Fix datetime parsing in kadmin on s390x - Resolves: rhbz2169985 1.20.1-7 - Fix double free on kdb5util key creation failure - Resolves: rhbz2166603 1.20.1-6 - Add support for MS-PAC extended KDC signature...

RHEL 9 : nodejs:18 (RHSA-2023:2654)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2654 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

nodejs:16 security, bug fix, and enhancement update

An update is available for nodejs, nodejs-packaging, module.nodejs-packaging, module.nodejs-nodemon, nodejs-nodemon, module.nodejs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Node.js: OpenSSL error handling issues in nodejs crypto library

A cryptographic vulnerability exists in Node.js 19.2.0, 18.14.1, 16.19.1, 14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread...

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Node.js

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Node.js with details below. Vulnerability Details CVEID:CVE-2023-23918 DESCRIPTION: Node.js could allow a remote authenticated attacker to bypass security restrictions,...

SUSE-SU-2023:0608-1 Security update for nodejs16

This update for nodejs16 fixes the following issues: Update to LTS version 16.19.1: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule bsc1208481. - CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library bsc1208483. -...

A cryptographic vulnerability exists in Node.js <19.2.0 <18.14.1 <16.19.1 <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.

...