86 matches found
CLSA-2025-1761084810 nodejs: Fix of CVE-2023-38552
CVE-2023-38552: use tamper-proof integrity check function to prevent tampering with Hash class internals in policy mechanism...
EUVD-2023-34962
Malicious code in bioql PyPI...
EUVD-2023-36803
Malicious code in bioql PyPI...
EUVD-2023-36290
Malicious code in bioql PyPI...
EUVD-2023-36294
Malicious code in bioql PyPI...
TencentOS Server 3: nodejs:18 (TSSA-2023:0232)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0232 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Linux Distros Unpatched Vulnerability : CVE-2023-30581
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerabili...
Linux Distros Unpatched Vulnerability : CVE-2023-32006
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This...
CBL Mariner 2.0 Security Update: nodejs / nodejs18 (CVE-2023-32002)
The version of nodejs / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-32002 advisory. - The use of Module.load can bypass the policy mechanism and require modules outside of the...
BIT-NODE-MIN-2023-32002
The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CV...
BIT-NODE-MIN-2023-32006
The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note th...
BIT-NODE-MIN-2023-32559
A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding'spawnsyn...
USN-6822-1 nodejs vulnerabilities
It was discovered that Node.js incorrectly handled certain inputs when it is using the policy mechanism. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass the policy mechanism. CVE-2023-32002,...
USN-6822-1: Node.js vulnerabilities
It was discovered that Node.js incorrectly handled certain inputs when it is using the policy mechanism. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass the policy mechanism. CVE-2023-32002,...
RHEL 8 : 14_nodejs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs: DiffieHellman do not generate keys after setting a private key CVE-2023-30590 - The use of proto ...
RHEL 8 : nodejs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs: Unitialized buffer due to incorrect encoding CVE-2017-15897 - nodejs: integrity checks according ...
BIT-NODE-2023-30581
The use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20. Please note that at the time...
BIT-NODE-2023-32002
The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CV...
BIT-NODE-2023-32006
The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note th...
BIT-NODE-2023-32559
A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding'spawnsyn...