Lucene search
+L

86 matches found

OSV
OSV
added 2025/10/21 10:13 p.m.8 views

CLSA-2025-1761084810 nodejs: Fix of CVE-2023-38552

CVE-2023-38552: use tamper-proof integrity check function to prevent tampering with Hash class internals in policy mechanism...

7.5CVSS7.2AI score0.01107EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-34962

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.0105EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-36803

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.01484EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-36290

Malicious code in bioql PyPI...

9.8CVSS7.3AI score0.0143EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-36294

Malicious code in bioql PyPI...

8.8CVSS7.4AI score0.01273EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.11 views

TencentOS Server 3: nodejs:18 (TSSA-2023:0232)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0232 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

9.8CVSS7.5AI score0.02761EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2023-30581

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerabili...

7.5CVSS7.5AI score0.0105EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2023-32006

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This...

8.8CVSS7.4AI score0.01273EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/02/11 12:0 a.m.6 views

CBL Mariner 2.0 Security Update: nodejs / nodejs18 (CVE-2023-32002)

The version of nodejs / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-32002 advisory. - The use of Module.load can bypass the policy mechanism and require modules outside of the...

9.8CVSS7.6AI score0.0143EPSS
Exploits0References2
OSV
OSV
added 2024/12/16 1:58 p.m.17 views

BIT-NODE-MIN-2023-32002

The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CV...

9.8CVSS8.2AI score0.0143EPSS
Exploits0References3
OSV
OSV
added 2024/12/16 1:57 p.m.9 views

BIT-NODE-MIN-2023-32006

The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note th...

8.8CVSS8.2AI score0.01273EPSS
Exploits0References5
OSV
OSV
added 2024/12/16 1:57 p.m.14 views

BIT-NODE-MIN-2023-32559

A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding'spawnsyn...

7.5CVSS8.9AI score0.01484EPSS
Exploits1References4
OSV
OSV
added 2024/06/10 8:42 a.m.2 views

USN-6822-1 nodejs vulnerabilities

It was discovered that Node.js incorrectly handled certain inputs when it is using the policy mechanism. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass the policy mechanism. CVE-2023-32002,...

9.8CVSS6.9AI score0.01484EPSS
Exploits1References4
Ubuntu
Ubuntu
added 2024/06/10 8:42 a.m.48 views

USN-6822-1: Node.js vulnerabilities

It was discovered that Node.js incorrectly handled certain inputs when it is using the policy mechanism. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass the policy mechanism. CVE-2023-32002,...

9.8CVSS7.6AI score0.01484EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.27 views

RHEL 8 : 14_nodejs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs: DiffieHellman do not generate keys after setting a private key CVE-2023-30590 - The use of proto ...

7.5CVSS7.3AI score0.03906EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.30 views

RHEL 8 : nodejs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs: Unitialized buffer due to incorrect encoding CVE-2017-15897 - nodejs: integrity checks according ...

7.6AI score0.03906EPSS
Exploits1References8
OSV
OSV
added 2024/03/06 11:1 a.m.23 views

BIT-NODE-2023-30581

The use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20. Please note that at the time...

7.5CVSS7.2AI score0.0105EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 11:0 a.m.31 views

BIT-NODE-2023-32002

The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CV...

9.8CVSS8.2AI score0.0143EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 10:59 a.m.128 views

BIT-NODE-2023-32006

The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note th...

8.8CVSS8.2AI score0.01273EPSS
Exploits0References5
OSV
OSV
added 2024/03/06 10:59 a.m.36 views

BIT-NODE-2023-32559

A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding'spawnsyn...

7.5CVSS8.5AI score0.01484EPSS
Exploits1References4
Rows per page
Query Builder