43 matches found
MiracleLinux 7 : rh-nodejs10-nodejs-10.23.1-2.el7 (AXSA:2021-1479:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1479:01 advisory. libuv: buffer overflow in realpath CVE-2020-8252 nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS...
Malicious code in yargs-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 376960ce1e5da7d01dd733e2ab53f7c0b614b4f98bf23da45b88c2bf3f169037 The package yargs-js was found to contain malicious code. Source: ghsa-malware f0f6199e2f9202a8ae9ecbd9363eb1b1f2d56b7ab11d600b01dd0bc1adcb31c6 Any...
Malicious Package
Overview yargs-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
EUVD-2026-1992
Malicious code in yargs-js npm...
MAL-2026-207 Malicious code in yargs-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 376960ce1e5da7d01dd733e2ab53f7c0b614b4f98bf23da45b88c2bf3f169037 The package yargs-js was found to contain malicious code. Source: ghsa-malware f0f6199e2f9202a8ae9ecbd9363eb1b1f2d56b7ab11d600b01dd0bc1adcb31c6 Any...
EUVD-2020-1208
Malware in sbrugna...
Malicious code in yargs-help-output (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1337d3becd83c0b3dc233069268371bc9e7395311560038f52cbe73384e4efa5 Any computer that has this package installed or running should be considered fully compromised. All...
MAL-2025-47366 Malicious code in yargs-help-output (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1337d3becd83c0b3dc233069268371bc9e7395311560038f52cbe73384e4efa5 Any computer that has this package installed or running should be considered fully compromised. All...
Linux Distros Unpatched Vulnerability : CVE-2020-7608
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yargs-parser could be tricked into adding or modifying properties of Object.prototype using a proto payload. CVE-2020-7608 Note that Nessus relies on the presen...
Exploit for Missing Authorization in Zoneminder
CVE-2023-26035 ZoneMinder Snapshots - Unauthenticated !image...
Rocky Linux 8 : nodejs:10 (RLSA-2021:0548)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:0548 advisory. - Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like ://:@::/...
Rocky Linux 8 : nodejs:12 (RLSA-2020:5499)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:5499 advisory. - An issue was discovered in ajv.validate in Ajv aka Another JSON Schema Validator 6.12.2. A carefully crafted JSON schema could be provided that allows...
SUSE CVE-2020-7608
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "proto" payload...
RHEL 7 : rh-nodejs12-nodejs (RHSA-2020:5305)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5305 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
RHEL 7 : rh-nodejs10-nodejs (RHSA-2021:0521)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0521 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Malicious code in yargs-parxe (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cfd542fba026c32cc65a6a7b1ea5d51d650de75248275d8463a485ffb37ffcaf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-7324 Malicious code in yargs-parxe (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cfd542fba026c32cc65a6a7b1ea5d51d650de75248275d8463a485ffb37ffcaf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Mageia: Security Advisory (MGASA-2021-0170)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the yargs-parser library in application software of Aurora Center involves uncontrolled changes to object prototypes’ attributes, allowing attackers to execute “prototype pollution” attacks.
The vulnerability of the yargs-parser library in application software developed by Avora Center relates to uncontrolled changes to object prototypes’ attributes. Exploiting this vulnerability could allow a malicious actor to execute a “prototype compromise” attack...
Updated nodejs-yargs-parser packages fix security vulnerability
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "proto" payload CVE-2020-7608...