1441 matches found

OPENSUSE Linux
added 2021/09/03 12:0 a.m. · 63 views

Security update for nodejs10 (moderate)

openSUSE Security Update: Security update for nodejs10 Announcement ID: openSUSE-SU-2021:2953-1 Rating: moderate References: 1188881 1188917 1189369 1189370 Cross-References: CVE-2021-22930 CVE-2021-22931 CVE-2021-22939 CVE-2021-3672 CVSS scores: CVE-2021-22930 SUSE: 9.1...

9.1 CVSS · 8.9 AI score · 0.37286 EPSS
Exploits: 3 · References: 4
OpenVAS
added 2021/09/01 12:0 a.m. · 25 views

openSUSE: Security Advisory for nodejs12 (openSUSE-SU-2021:1214-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8 CVSS · 8.3 AI score · 0.37286 EPSS
Exploits: 3 · References: 2
OSV
added 2021/08/31 6:57 a.m. · 6 views

OPENSUSE-SU-2021:1214-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: Update to 12.22.5: - CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names bsc1189370, bsc1188881 - CVE-2021-22940: Use after free on close http2 on stream canceling bsc1189368 - CVE-2021-22939: Incomplete...

9.8 CVSS · 7.7 AI score · 0.37286 EPSS
Exploits: 3 · References: 11
RedHat Linux
added 2021/08/26 10:21 a.m. · 5 views

nodejs: Use-after-free on close http2 on stream canceling

A flaw was found in Node.js, where it is vulnerable to a use-after-free attack. This flaw allows an attacker to exploit the memory corruption, which causes a change in the process behavior. The highest threat from this vulnerability is to confidentiality and integrity...

9.8 CVSS · 7.3 AI score · 0.37286 EPSS
Exploits: 0 · References: 4
OpenVAS
added 2021/08/25 12:0 a.m. · 24 views

SUSE: Security Advisory (SUSE-SU-2021:2824-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS · 7.9 AI score · 0.37286 EPSS
Exploits: 3 · References: 2
OSV
added 2021/08/20 8:10 a.m. · 2 views

SUSE-SU-2021:2790-1 Security update for nodejs8

This update for nodejs8 fixes the following issues: - CVE-2021-22930: http2: fixes use after free on close in stream canceling bsc1188917...

9.8 CVSS · 9.6 AI score · 0.37286 EPSS
Exploits: 0 · References: 3
OpenVAS
added 2021/08/20 12:0 a.m. · 20 views

SUSE: Security Advisory (SUSE-SU-2021:2790-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS · 7.6 AI score · 0.37286 EPSS
Exploits: 0 · References: 4
OpenVAS
added 2021/08/19 12:0 a.m. · 26 views

Node.js 12.x, 14.x, 16.x Multiple Vulnerabilities (Aug 2021) - Windows

Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...

9.8 CVSS · 8.3 AI score · 0.21952 EPSS
Exploits: 3 · References: 4
FreeBSD
added 2021/08/11 12:0 a.m. · 37 views

Node.js -- August 2021 Security Releases

Node.js reports: cares upgrade - Improper handling of untypical characters in domain names High CVE-2021-22931 Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing input validation of host names returned by Domain Name Servers in the Node.js DNS library which c...

9.8 CVSS · 0.7 AI score · 0.21952 EPSS
Exploits: 2 · References: 1
Tenable Nessus
added 2021/08/06 12:0 a.m. · 32 views

Oracle Linux 8 : olcne (ELSA-2021-9396)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9396 advisory. - Address Istio CVE's CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824 istio - Address CVE-2021-28683,...

9.8 CVSS · 7.1 AI score · 0.0204 EPSS
Exploits: 3 · References: 7
Tenable Nessus
added 2021/08/06 12:0 a.m. · 30 views

Oracle Linux 7 : olcne (ELSA-2021-9399)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9399 advisory. - Address Istio CVE's CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824 - Address CVE-2021-28683,...

9.8 CVSS · 7.1 AI score · 0.0204 EPSS
Exploits: 3 · References: 7
Tenable Nessus
added 2021/08/06 12:0 a.m. · 35 views

Oracle Linux 7 : olcne (ELSA-2021-9397)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9397 advisory. - Address Istio CVE's CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824 istio - Address CVE-2021-28683,...

9.8 CVSS · 7.1 AI score · 0.0204 EPSS
Exploits: 3 · References: 7
Tenable Nessus
added 2021/08/06 12:0 a.m. · 66 views

Oracle Linux 8 : olcne (ELSA-2021-9398)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9398 advisory. - Address Istio CVE's CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824 - Address CVE-2021-28683,...

9.8 CVSS · 7.1 AI score · 0.0204 EPSS
Exploits: 3 · References: 7
ALT Linux
added 2021/08/02 12:0 a.m. · 32 views

Security fix for the ALT Linux 10 package node version 14.17.4-alt1

14.17.4-alt1 built Aug. 2, 2021 Vitaly Lipatov in task 281579 July 30, 2021 Vitaly Lipatov - new version 14.17.4 with rpmrb script - CVE-2021-22930: Use after free on close http2 on stream canceling High - set npm = 6.14.14 - restore minimum ICU version to 65...

7.5 CVSS · 9.8 AI score · 0.37286 EPSS
Exploits: 0
Positive Technologies
added 2021/07/30 12:0 a.m. · 11 views

PT-2021-5821 · Node.Js +7 · Node.Js +7

Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 12.22.4 Node.js versions prior to 14.17.4 Node.js versions prior to 16.6.0 Description: The issue is related to a use after free attack in Node.js, where an attacker might exploit memory corruption to change process...

10 CVSS · 7 AI score · 0.77385 EPSS
Exploits: 31 · References: 306
RedHat Linux
added 2021/07/29 7:19 p.m. · 2 views

netty: Request smuggling via content-length header

A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The...

5.9 CVSS · 7.1 AI score · 0.04935 EPSS
Exploits: 0 · References: 5
FreeBSD
added 2021/07/29 12:0 a.m. · 30 views

Node.js -- July 2021 Security Releases (2)

Node.js reports: Use after free on close http2 on stream canceling High CVE-2021-22930 Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior...

9.8 CVSS · 0.9 AI score · 0.37286 EPSS
Exploits: 0 · References: 1
RedHat Linux
added 2021/07/12 12:12 p.m. · 1 views

netty: Request smuggling via content-length header

A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The...

5.9 CVSS · 7.1 AI score · 0.04935 EPSS
Exploits: 0 · References: 5
Cvelist
added 2021/07/09 11:2 a.m. · 17 views

CVE-2021-36154

HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remote attackers to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursion and stack consumption...

7.7 AI score · 0.02082 EPSS
Exploits: 0 · References: 3
CNNVD
added 2021/07/09 12:0 a.m. · 2 views

gRPC Swift Input Validation Error Vulnerability

gRPC Swift is an open source Swift language implementation of gRPC, it contains a gRPC Swift API and code generator. Provides an API and generated code for gRPC clients and servers and can be built using Xcode or the Swift package manager. A security vulnerability in HTTP2ToRawGRPCServerCodec i...

7.5 CVSS · 7.5 AI score · 0.02082 EPSS
Exploits: 0 · References: 4