
4412 matches found

OSV
added 2022/05/20 8:15 p.m. | 4 views

CVE-2022-24434

This affects all versions of package dicer. A malicious attacker can send a modified form to the server and crash the nodejs service. An attacker could send the payload again and again so that the service continuously crashes...

CVSS 7.5 | AI score 6.7
Exploits 0 | References 5
NVD
added 2022/05/20 8:15 p.m. | 30 views

CVE-2022-24434

This affects all versions of package dicer. A malicious attacker can send a modified form to the server and crash the nodejs service. An attacker could send the payload again and again so that the service continuously crashes...

CVSS 7.5 | EPSS 0.03035
Exploits 2 | References 5
CVE
added 2022/05/20 8:5 p.m. | 187 views

CVE-2022-24434

CVE-2022-24434 affects all versions of the Node.js package dicer. A malicious actor can send a modified form to the server, triggering a crash in the nodejs service. Repeated payloads can cause continuous crashes. The connected IBM bulletin confirms the CVE and description but does not provide a...

CVSS 7.5 | AI score 7.3 | EPSS 0.03035
Exploits 2 | References 5 | Affected Software 1
Cvelist
added 2022/05/20 8:5 p.m. | 27 views

CVE-2022-24434 Denial of Service (DoS)

This affects all versions of package dicer. A malicious attacker can send a modified form to the server and crash the nodejs service. An attacker could send the payload again and again so that the service continuously crashes...

CVSS 7.5 | AI score 7.5 | EPSS 0.03035
Exploits 2 | References 5
Debian CVE
added 2022/05/20 8:5 p.m. | 48 views

CVE-2022-24434

This affects all versions of package dicer. A malicious attacker can send a modified form to the server and crash the nodejs service. An attacker could send the payload again and again so that the service continuously crashes...

CVSS 7.5 | AI score 6.3 | EPSS 0.03035
Exploits 2
ATTACKERKB
added 2022/05/20 8:0 p.m. | 4 views

CVE-2022-24434

This affects all versions of package dicer. A malicious attacker can send a modified form to the server and crash the nodejs service. An attacker could send the payload again and again so that the service continuously crashes...

CVSS 7.5 | AI score 6.8 | EPSS 0.03035
Exploits 2 | References 6
NVD
added 2022/05/20 12:15 p.m. | 13 views

CVE-2022-25224

Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. When the victim clicks the link, the application opens the site in the current frame allowing an attacker to host JavaScript code in the malicious link in order to trigger an XSS attack. The 'nodeIntegration'...

CVSS 5.4 | EPSS 0.00653
Exploits 1 | References 1
OSV
added 2022/05/20 12:15 p.m. | 10 views

CVE-2022-25224

Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. When the victim clicks the link, the application opens the site in the current frame allowing an attacker to host JavaScript code in the malicious link in order to trigger an XSS attack. The 'nodeIntegration'...

CVSS 5.4 | AI score 5.8
Exploits 0 | References 1
Prion
added 2022/05/20 12:15 p.m. | 16 views

Design/Logic Flaw

Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. When the victim clicks the link, the application opens the site in the current frame allowing an attacker to host JavaScript code in the malicious link in order to trigger an XSS attack. The 'nodeIntegration'...

CVSS 3.5 | AI score 5.1 | EPSS 0.00653
Exploits 1 | References 1 | Affected Software 1
OSV
added 2022/05/20 11:15 a.m. | 23 views

CVE-2022-25229

Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Servers' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands...

CVSS 5.4 | AI score 5.7
Exploits 0 | References 2
NVD
added 2022/05/20 11:15 a.m. | 9 views

CVE-2022-25229

Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Servers' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands...

CVSS 5.4 | EPSS 0.0053
Exploits 1 | References 2
Prion
added 2022/05/20 11:15 a.m. | 11 views

Cross site scripting

Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Servers' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands...

CVSS 3.5 | AI score 5.1 | EPSS 0.0053
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2022/05/20 11:4 a.m. | 20 views

CVE-2022-25224

Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. When the victim clicks the link, the application opens the site in the current frame allowing an attacker to host JavaScript code in the malicious link in order to trigger an XSS attack. The 'nodeIntegration'...

AI score 5.4 | EPSS 0.00653
Exploits 1 | References 1
CVE
added 2022/05/20 11:1 a.m. | 701 views

CVE-2022-25229

CVE-2022-25229 affects Popcorn Time 0.4.7. A Stored XSS vulnerability originates in the Settings page, in the Movies API Server(s) field, where lack of input validation allows injection of script. The issue is aggravated by nodeIntegration being turned on, which can permit the webpage to access N...

CVSS 5.4 | AI score 5.1 | EPSS 0.0053
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2022/05/20 11:1 a.m. | 23 views

CVE-2022-25229

Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Servers' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands...

AI score 5.4 | EPSS 0.0053
Exploits 1 | References 2
OSV
added 2022/05/17 7:13 a.m. | 11 views

SUSE-SU-2022:1694-1 Security update for nodejs8

This update for nodejs8 fixes the following issues:
- CVE-2021-44906: Fixed prototype pollution in npm dependency bsc1198247.
- CVE-2021-44907: Fixed insufficient sanitation in npm dependency bsc1197283.
- CVE-2022-0235: Fixed passing of cookie data and sensitive headers to different hostnames in...

CVSS 9.8 | AI score 7.9 | EPSS 0.04581
Exploits 2 | References 7
OSV
added 2022/05/11 11:3 a.m. | 2 views

OESA-2022-1638 nodejs-grunt security update

Grunt is the JavaScript task runner. Why use a task runner? In one word: automation. The less work you have to do when performing repetitive tasks like minification, compilation, unit testing, linting, etc, the easier your job becomes. After you've configured it, a task runner can do most of that...

CVSS 7.1 | AI score 6.7 | EPSS 0.00571
Exploits 1 | References 2
CVE
added 2022/05/06 8:0 p.m. | 81 views

CVE-2022-25324

CVE-2022-25324 affects the npm package bignum. The DoS arises from a type-check exception in V8 when verifying the second argument to the powm function, causing crashes that bypass Node try/catch blocks. Affected versions are not fixed by any known version; remediation is not available. Related a...

CVSS 7.5 | AI score 7.4 | EPSS 0.0138
Exploits 1 | References 2 | Affected Software 1
NCSC
added 2022/04/29 12:0 a.m. | 2 views

Vulnerabilities fixed in node.js

Vulnerabilities have been fixed in node.js. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS); Remote code execution (User Rights); Access to system data. For the vulnerability with attribute CVE-2021-44906,...

CVSS 9.8 | AI score 8.7 | EPSS 0.70561
Exploits 4
OSV
added 2022/04/28 2:46 p.m. | 4 views

SUSE-SU-2022:1462-1 Security update for nodejs14

This update for nodejs14 fixes the following issues:
- CVE-2022-0778: Fixed an infinite loop in BNmodsqrt reachable when parsing certificates bsc1196877.
- CVE-2021-44906: Fixed a prototype pollution in node-minimist bsc1198247.
- CVE-2021-44907: Fixed a potential Denial of Service vulnerability i...

CVSS 9.8 | AI score 7.1 | EPSS 0.70561
Exploits 4 | References 9