nodejs 信任管理问题漏洞

nodejs is a JavaScript runtime environment based on the ChromeV8 engine that makes it possible to develop high-performance backend applications using Javascript by wrapping the Chromev8 engine and using event-driven and non-blocking IO applications. nodejs is vulnerable to trust management issues...

soketi 安全漏洞

soketi is a C application ported to Node.js. soketi suffers from a denial of service vulnerability that stems from not properly handling incoming error messages, which can be exploited by attackers to cause a denial of service in the application...

[SECURITY] Fedora 33 Update: nodejs-14.18.1-1.fc33

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

[SECURITY] Fedora 34 Update: nodejs-14.16.0-1.fc34

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

[SECURITY] Fedora 33 Update: nodejs-14.15.4-1.fc33

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

Arbitrary Code Execution

chromium is vulnerable to arbitrary code execution. Sharing of objects over calls into JavaScript runtime in allows a remote attacker to potentially exploit heap corruption via a malicious PDF file...

[SECURITY] Fedora 32 Update: nodejs-12.19.0-1.fc32

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

nodejs: TLS session reuse can lead to hostname verification bypass

A TLS Hostname verification bypass vulnerability exists in NodeJS. This flaw allows an attacker to bypass TLS Hostname verification when a TLS client reuses HTTPS sessions...

nodejs: HTTP header values do not have trailing optional whitespace trimmed

A flaw was found in Node.js where the HTTPs header values were not stripped of trailing whitespace. An attacker can use this flaw to send an HTTPs request which is validated by an upstream proxy server, but not by the Node.js HTTPs server...

[SECURITY] Fedora 31 Update: nodejs-12.14.1-3.fc31

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

BSON ObjectID Input Validation Error Vulnerability

BSON ObjectID is a module for creating and parsing ObjectIDs for use in Node.js. An input validation error vulnerability exists in BSON ObjectID version 1.3.0 for Node.js. The vulnerability stems from a network system or product that does not properly validate input data. An attacker could use th...

UBUNTU-CVE-2019-5772

Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file...

Design/Logic Flaw

Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file...

CVE-2019-5772

Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file...

CVE-2019-5772

The CVE-2019-5772 entry affects Google Chrome's PDFium component. Description: Sharing of objects over calls into the JavaScript runtime in PDFium can lead to heap corruption when processing a crafted PDF, enabling a remote attacker to potentially exploit the issue. Affected product/area: Chrome ...

Mozilla: stack out-of-bounds read in Array.prototype.push

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content...

Vim.Wasm - Vim Editor Ported To WebAssembly

This project is an experimental fork of Vim editor by @rhysd to compile it into WebAssembly using emscripten and binaryen. Try it with your browser NOTICES Please access from a desktop browser Chrome/Firefox/Safari/Edge. Safari seems the best on macOS. Please avoid slow networks. Your browser wil...

[SECURITY] Fedora 25 Update: nodejs-6.11.5-1.fc25

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

Node.js: Multiple vulnerabilities

Background Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine. Description Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly cause a Denial of Service condition, or...

[SECURITY] Fedora 24 Update: nodejs-4.4.6-2.fc24

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...