nodejs-angular: XSS due to regex-based HTML replacement

A XSS flaw was found in nodejs-angular. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code...

Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.4.6 security update

A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Photon OS 2.0: Nodejs PHSA-2021-2.0-0330

An update of the nodejs package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-2.0-0330. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid14795...

Fedora: Security Advisory for nodejs (FEDORA-2021-6aaba80ba2)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

GHSA-3WJ8-VP9H-RM6M total.js Remote Code Execution Vulnerability

total.js is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. It can be used as web, desktop, service or IoT application. Affected versions of this package are vulnerable to Remote Code Execution RCE via set. PoC js // To be ru...

CVE-2018-3774

A flaw was found in nodejs-url-parse. The wrong hostname can be returned, due to incorrect parsing, which can lead to a variety of vulnerabilities. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0330

An update of 'nodejs' packages of Photon OS has been released...

Important Photon OS Security Update - PHSA-2021-0330

Updates of 'nodejs' packages of Photon OS have been released...

USN-4796-1 nodejs vulnerabilities

Alexander Minozhenko and James Bunton discovered that Node.js did not properly handle wildcards in name fields of X.509 TLS certificates. An attacker could use this vulnerability to execute a machine-in-the-middle- attack. This issue only affected Ubuntu 14.04 ESM and 16.04 ESM. CVE-2016-7099 It...

USN-4776-1 node-semver vulnerability

It was discovered that semver incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service...

nodejs: DNS rebinding in --inspect

A flaw was found in nodejs. A denial of service is possible when the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS over the network. If the attacker controls the victim's DNS server or can spoof its response...

nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion

A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...

Important: Red Hat Security Advisory: rh-nodejs12-nodejs security update

An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion

A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...

nodejs: DNS rebinding in --inspect

A flaw was found in nodejs. A denial of service is possible when the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS over the network. If the attacker controls the victim's DNS server or can spoof its response...

@anandsuresh/smart-stream (>=1.0.1 <=1.1.0), @anandsuresh/smart_stream (=1.0.0) +10 more potentially affected by CVE-2021-21368 via msgpack5 (>=4.0.2 <=4.4.0)

msgpack5 NPM version =4.0.2, =1.0.1, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =1.0.2, =1.2.9, =2.0.0, =0.5.6, =0.1.0, =0.1.3 Source cves: CVE-2021-21368 Source advisory: OSV:GHSA-GMJW-49P4-PCFM...

Fedora: Security Advisory for nodejs (FEDORA-2021-f6bd75e9d4)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for nodejs (FEDORA-2021-a760169c3c)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CentOS 8 : nodejs:12 (CESA-2021:0549)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:0549 advisory. - nodejs-deep-extend: Prototype pollution can allow attackers to modify object properties CVE-2018-3750 - nodejs-mixin-deep: prototype pollution in...

CentOS 8 : nodejs:10 (CESA-2021:0735)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:0735 advisory. - nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion CVE-2021-22883 - nodejs: DNS rebinding in --inspect CVE-2021-22884 Note that Nessus...