
4403 matches found

CNVD
added 2021/05/21 12:0 a.m. | 4 views

DoraCMS Encryption Problem Vulnerability

DoraCMS is a content management system built on Nodejs+eggjs+mongodb. An encryption issue vulnerability exists in DoraCMS 2.1.1 and earlier versions. The vulnerability arises because the program does not use AES-CBC encryption with random salts or IVs, which makes user-encrypted password...

7.5 CVSS | 6.5 AI score | 0.00412 EPSS
Exploits: 1 | References: 1
Tenable Nessus
added 2021/05/18 12:0 a.m. | 32 views

openSUSE Security Update : nodejs-underscore (openSUSE-2021-601)

This update for nodejs-underscore fixes the following issues : Update version to 1.13.1 - Fix security issue boo1184800, CVE-2021-23358 - Fix bugs - Many new features %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

7.2 CVSS | 6.8 AI score | 0.04087 EPSS
Exploits: 2 | References: 2
RedhatCVE
added 2021/05/13 5:51 a.m. | 158 views

CVE-2019-20149

A flaw was found in nodejs-kind-of. An external user is allowed input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': 'name':'Symbol'. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...

7.5 CVSS | 3.1 AI score | 0.02278 EPSS
Exploits: 1 | References: 4
OSV
added 2021/05/06 11:2 a.m. | 2 views

OESA-2021-1168 nodejs-hosted-git-info security update

Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab. Security Fixes: The package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected...

5.3 CVSS | 7 AI score | 0.03612 EPSS
Exploits: 1 | References: 2
CNNVD
added 2021/05/05 12:0 a.m. | 3 views

nodejs Resource Management Error Vulnerability

nodejs is a JavaScript runtime environment based on the Chrome V8 engine. By wrapping the V8 engine and using event-driven, non-blocking I/O, it makes it possible to develop high-performance backend applications in JavaScript. A resource management error vulnerability exists in...

7.5 CVSS | 7.2 AI score | 0.04456 EPSS
Exploits: 1 | References: 39
RedHat Linux
added 2021/05/04 8:14 p.m. | 112 views

Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.2.3 security and bug fix update

Red Hat Advanced Cluster Management for Kubernetes 2.2.3 General Availability release images, which fix several bugs and security issues. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...

9.1 CVSS | 6.9 AI score | 0.16356 EPSS
Exploits: 4 | References: 10
RedhatCVE
added 2021/05/04 2:31 p.m. | 45 views

CVE-2021-23343

A flaw was found in nodejs-path-parse. All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...

7.5 CVSS | 4.8 AI score | 0.02218 EPSS
Exploits: 1 | References: 4
RedhatCVE
added 2021/05/04 8:52 a.m. | 49 views

CVE-2021-23383

A flaw was found in nodejs-handlebars. An unescaped value in the JavaScriptCompiler.prototype.depthedLookup function allows an attacker, who can provide untrusted handlebars templates, to execute arbitrary code in the javascript system e.g. browser or server when the template is compiled with the...

9.8 CVSS | 5.5 AI score | 0.04506 EPSS
Exploits: 1 | References: 3
CNNVD
added 2021/05/03 12:0 a.m. | 3 views

Node.js mixme Security Vulnerability

Npm mixme is an application from the American company Npm. It is used to recursively merge multiple objects. The last object takes precedence over previous objects. A security vulnerability exists in Node.js mixme 0.5.0, which can be exploited by an attacker to add or change the properties of an...

9.1 CVSS | 8.2 AI score | 0.01955 EPSS
Exploits: 0 | References: 7
Positive Technologies
added 2021/05/03 12:0 a.m. | 5 views

PT-2021-17969 · Npm · Node.Js Mixme

Name of the Vulnerable Software and Affected Versions: Node.js mixme versions prior to 0.5.1. Description: The issue allows an attacker to add or alter properties of an object via `__proto__` through the mutate and merge functions. The polluted attribute will be directly assigned to every object in the...

9.1 CVSS | 7.7 AI score | 0.01955 EPSS
Exploits: 0 | References: 14
NVD
added 2021/04/30 6:15 p.m. | 22 views

CVE-2021-29486

cumulative-distribution-function is an open source npm library which calculates the statistical cumulative distribution function from a data array of x values. In versions prior to 2.0.0, apps using this library on improper data may crash or go into an infinite loop. In the case of a nodejs...

7.5 CVSS | 0.01979 EPSS
Exploits: 1 | References: 4
Positive Technologies
added 2021/04/30 12:0 a.m. | 5 views

PT-2021-18248 · Npm · Cumulative-Distribution-Function

Name of the Vulnerable Software and Affected Versions: cumulative-distribution-function versions prior to 2.0.0 Description: The issue arises when the cumulative-distribution-function library is used with improper data, potentially causing apps to crash or enter an infinite loop. This can occur i...

7.5 CVSS | 7.4 AI score | 0.01979 EPSS
Exploits: 1 | References: 6
vulnersOsv
added 2021/04/27 3:56 p.m. | 5 views

1-of (>=1.0.0 <=1.0.1), 3klesmanager-common (>=2.0.0 <=2.0.1) +5752 more potentially affected by CVE-2021-29469 via redis (>=2.6.1 <=3.1.0)

redis NPM version =2.6.1, =1.0.0, =2.0.0, =0.0.12, =0.0.12, =3.10.1, =1.0.0, =0.7.0, =1.0.0, =1.0.2, =1.2.1, =2.0.0, =1.0.0, =1.0.0, =2.1.8 and more Source cves: CVE-2021-29469 Source advisory: OSV:GHSA-35Q2-47Q7-3PC3...

7.5 CVSS | 6.9 AI score | 0.01674 EPSS
Exploits: 0
OpenVAS
added 2021/04/26 12:0 a.m. | 4 views

Fedora: Security Advisory for nodejs (FEDORA-2021-568b18102a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0 | References: 2
OpenVAS
added 2021/04/24 12:0 a.m. | 18 views

openSUSE: Security Advisory for nodejs-underscore (openSUSE-SU-2021:0601-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.2 CVSS | 5.9 AI score | 0.04087 EPSS
Exploits: 2 | References: 2
OSV
added 2021/04/23 10:46 a.m. | 7 views

OPENSUSE-SU-2021:0601-1 Security update for nodejs-underscore

This update for nodejs-underscore fixes the following issues: Update version to 1.13.1 Fix security issue boo1184800, CVE-2021-23358 Fix bugs Many new features...

7.2 CVSS | 7 AI score | 0.04087 EPSS
Exploits: 2 | References: 3
OSV
added 2021/04/23 12:15 a.m. | 4 views

AZL-45213 CVE-2021-31597 affecting package js-jquery 3.5.0-4

The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized when the property exists but is undefined is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected...

9.4 CVSS | 7.3 AI score | 0.02056 EPSS
Exploits: 1 | References: 1
OpenVAS
added 2021/04/23 12:0 a.m. | 3 views

Fedora: Security Advisory for nodejs (FEDORA-2021-d934acdb42)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0 | References: 2
OPENSUSE Linux
added 2021/04/23 12:0 a.m. | 35 views

Security update for nodejs-underscore (important)

openSUSE Security Update: Security update for nodejs-underscore Announcement ID: openSUSE-SU-2021:0601-1 Rating: important References: 1184800 Cross-References: CVE-2021-23358 CVSS scores: CVE-2021-23358 NVD : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.2 ...

7.2 CVSS | 6.9 AI score | 0.04087 EPSS
Exploits: 2 | References: 1
ATTACKERKB
added 2021/04/18 6:40 p.m. | 3 views

CVE-2021-23379

This affects all versions of package portkiller. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...

9.8 CVSS | 5.8 AI score | 0.01336 EPSS
Exploits: 1 | References: 3