26 matches found
RHSA-2026:7302 Red Hat Security Advisory: nodejs:22 security update
Bulletin has no description...
EUVD-2026-17174
A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior...
ALPINE-CVE-2026-21713
A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior...
UBUNTU-CVE-2026-21713
A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior...
RockyLinux 8 : nodejs:22 (RLSA-2025:11803)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:11803 advisory. sqlite: Integer Truncation in SQLite CVE-2025-6965 Tenable has extracted the preceding description block directly from the RockyLinux security advisory. Note tha...
Oracle Linux 8 : nodejs:22 (ELSA-2025-1611)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-1611 advisory. - Upgrade to version 22.13.1 Fixes CVE-2025-23083 CVE-2025-23085 CVE-2025-22150 Resolves: RHEL-76362 RHEL-76897 Tenable has extracted the preceding...
Ivanti Secure Access 22.x Multiple Vulnerabilities
The Ivanti Secure Access installed on the remote host is 22.x. It is, therefore, affected by multiple vulnerabilities: - A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as SYSTEM. CVE-2023-38042 - A local privilege...
CVE-2024-53566
An issue in the actionlistcategories function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal...
PT-2024-32825
Name of the Vulnerable Software and Affected Versions: Wasmtime versions 19.0.0 through 20.0.0; Wasmtime versions 21.0.0 through 21.0.1; Wasmtime versions 22.0.0; Wasmtime versions 23.0.0 through 23.0.2; Wasmtime versions 24.0.0; Wasmtime versions 25.0.0 through 25.0.1 Description: A race condition in...
PT-2024-25531 · Cosy+ · Cosy+
Name of the Vulnerable Software and Affected Versions: Cosy+ devices versions 21.x below 21.2s10 Cosy+ devices versions 22.x below 22.1s3 Description: The issue is related to insecure permissions, where several processes are executed with elevated privileges. This is an example of Execution with...
PT-2024-3723 · Oracle +1 · Oracle Graalvm Enterprise Edition +2
Name of the Vulnerable Software and Affected Versions: Oracle GraalVM for JDK versions 17.0.10, 21.0.2, 22 Oracle GraalVM Enterprise Edition versions 20.3.13, 21.3.9 Description: The issue is related to insufficient protection of internal data in the Compiler component of Oracle GraalVM for JDK a...
Ivanti Connect Secure 9.x / 22.x Command Injection Vulnerability (CVE-2024-21887)
Binary data ivanticsCVE-2024-21887.nbin...
PT-2023-30508 · Relyum · Rely-Pcie
Name of the Vulnerable Software and Affected Versions: Relyum RELY-PCIe version 22.2.1 Description: An issue was discovered in the Relyum RELY-PCIe device, where the authorization mechanism is not enforced in the web interface. This allows a low-privileged user to execute administrative functions...
PT-2023-12954 · Nokia · Nokia Netact
Name of the Vulnerable Software and Affected Versions: Nokia NetAct version 22 Description: An issue was discovered in the Administration of Measurements website section, where a malicious user can edit or add the templateName parameter to include malicious code. This code is then downloaded as a...
PT-2023-25828 · Unknown +1 · Bitcoin Core +1
Name of the Vulnerable Software and Affected Versions: Bitcoin Core version 22 Description: The issue is related to memory management and protection in Bitcoin Core, allowing attackers to modify the stored sending address within the app's memory. This could potentially enable them to redirect...
PT-2022-6442 · Nokia · Netact
Name of the Vulnerable Software and Affected Versions: Nokia NetAct versions prior to 22 FP2211 Description: The issue is related to the lack of input validation when creating a working set in the NetAct system, allowing an attacker to inject a client-side template payload. This can lead to the...
CVE-2022-26017
Improper access control in the Intel(R) DSA software before version 22.2.14 may allow an authenticated user to potentially enable escalation of privilege via adjacent access...
CVE-2022-29975
An Authenticated Reflected Cross-site scripting at CC Parameter was discovered in MDaemon before 22.0.0...
PT-2021-5985 · Adobe · After Effects
Name of the Vulnerable Software and Affected Versions: Adobe After Effects versions 22.0 and earlier Adobe After Effects versions 18.4.2 and earlier Description: The issue is related to an out-of-bounds read vulnerability in Adobe After Effects, which could lead to disclosure of sensitive memory...
Mozilla Firefox Security Advisory (MFSA2013-50) - Linux
This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...