
4389 matches found

RedHat Linux
added 2018/08/22 9:15 p.m., 3 views

nodejs: Out of bounds (OOB) write via UCS-2 encoding

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names 'ucs2', 'ucs-2', 'utf16le' and 'utf-16le'), Buffer#write() can be abused to write outside of the bounds of a single Buffer. Writes that start from the second-to-last...

CVSS 7.5, AI score 7.3, EPSS 0.08028
Exploits: 0, References: 4

RedHat Linux
added 2018/08/22 9:15 p.m., 48 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Application Runtimes Node.js 10.9.0 security update

An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 7.5, AI score 6.6, EPSS 0.49268
Exploits: 0, References: 10

RedHat Linux
added 2018/08/22 9:13 p.m., 46 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Application Runtimes Node.js 8.11.4 security update

An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 7.5, AI score 6.6, EPSS 0.49268
Exploits: 0, References: 9

OSV
added 2018/08/21 12:29 p.m., 3 views

ALPINE-CVE-2018-12115

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names 'ucs2', 'ucs-2', 'utf16le' and 'utf-16le'), Buffer#write() can be abused to write outside of the bounds of a single Buffer. Writes that start from the second-to-last...

CVSS 7.5, AI score 9, EPSS 0.08028
Exploits: 0, References: 1

vulnersOsv
added 2018/08/09 8:13 p.m., 9 views

192.168.0.172 (=4.6.1), 2ch (>=0.1.0 <=0.1.3) +6505 more potentially affected by CVE-2017-16129 via superagent (>=0.10.0 <=3.6.3)

superagent NPM version =0.10.0, =0.1.0, =0.13.0, =0.0.2, =0.0.1, =1.3.1, =0.0.1, =1.0.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =0.1.0, =0.1.6 and more Source cves: CVE-2017-16129 Source advisory: OSV:GHSA-8225-6CVR-8PQP...

CVSS 7.1, AI score 6.5, EPSS 0.01767
Exploits: 0

RedhatCVE
added 2018/07/25 5:20 a.m., 29 views

CVE-2018-1000620

A flaw was found in the nodejs-cryptiles library prior to version 4.1.2. Previous versions do not implement cryptographically secure randomness resulting in the randomDigits function returning a pseudo-random data string biased to certain digits. An attacker could exploit this to guess the...

CVSS 9.8, AI score 4.5, EPSS 0.01681
Exploits: 0, References: 2

vulnersOsv
added 2018/07/24 8:0 p.m., 2 views

anvil-connect (>=0.1.0 <=0.1.39), anvil-connect-jwt (>=0.1.0 <=0.1.2) +49 more potentially affected by CVE-2017-16021 via uri-js (>=1.4.2 <=2.1.1)

uri-js NPM version =1.4.2, =0.1.0, =0.1.0, =0.1.0, =0.2.12, =1.15.0, =0.1.0, =0.1.2, =0.4.2, =1.0.0, =0.0.1, =1.0.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2017-16021 Source advisory: OSV:GHSA-333W-RXJ3-F55R...

CVSS 6.8, AI score 6.5, EPSS 0.01342
Exploits: 1

OpenVAS
added 2018/07/03 12:0 a.m., 33 views

Fedora Update for nodejs FEDORA-2018-79841c871e

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8, AI score 7.8, EPSS 0.07855
Exploits: 0, References: 2

Tenable Nessus
added 2018/07/02 12:0 a.m., 31 views

Fedora 27 : 1:nodejs (2018-79841c871e)

Update for security fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

CVSS 7.8, AI score 7.2, EPSS 0.07855
Exploits: 0, References: 4

OpenVAS
added 2018/06/19 12:0 a.m., 31 views

Fedora Update for nodejs FEDORA-2018-f59d961d7b

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8, AI score 7.8, EPSS 0.07855
Exploits: 0, References: 2

Tenable Nessus
added 2018/06/18 12:0 a.m., 26 views

Fedora 27 : nodejs-JSV / nodejs-uri-js (2018-13e08f4b4a)

Update to latest nodejs-uri-js for CVE fix Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

CVSS 6.8, AI score 6.4, EPSS 0.01342
Exploits: 1, References: 2

OpenVAS
added 2018/06/18 12:0 a.m., 21 views

Fedora Update for nodejs-JSV FEDORA-2018-13e08f4b4a

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.8, AI score 6.5, EPSS 0.01342
Exploits: 1, References: 2

OpenVAS
added 2018/06/18 12:0 a.m., 20 views

Fedora Update for nodejs-uri-js FEDORA-2018-13e08f4b4a

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.8, AI score 6.5, EPSS 0.01342
Exploits: 1, References: 2

IBM Security Bulletins
added 2018/06/17 10:33 p.m., 26 views

Security Bulletin: A security vulnerability has been identified in NodeJS shipped with IBM Cloud Schematics (CVE-2017-14919)

Summary A security vulnerability has been identified in NodeJS shipped with IBM Cloud Schematics CVE-2017-14919 Vulnerability Details Title Security Bulletin: A security vulnerability has been identified in NodeJS shipped with IBM Cloud Schematics CVE-2017-14919 Summary NodeJS is shipped as a...

CVSS 7.5, AI score 0.1, EPSS 0.08144
Exploits: 0, Affected Software: 1

Fedora
added 2018/06/17 7:45 p.m., 33 views

[SECURITY] Fedora 27 Update: nodejs-JSV-4.0.2-12.fc27

JSV is a JavaScript implementation of an extendable, fully compliant JSON Schema validator with the following features: The fastest extendable JSON validator available! Complete implementation of all current JSON Schema draft revisions. Supports creating individual environments (sandboxes) that...

CVSS 6.8, AI score 1.1, EPSS 0.01342
Exploits: 1

Fedora
added 2018/06/17 7:45 p.m., 42 views

[SECURITY] Fedora 27 Update: nodejs-uri-js-4.2.2-2.fc27

URI.js is an RFC 3986 compliant, scheme extendable URI parsing/validating/resolving library for all JavaScript environments browsers, Node.js, etc...

CVSS 6.8, AI score 4, EPSS 0.01342
Exploits: 1

OpenVAS
added 2018/06/17 12:0 a.m., 22 views

Fedora Update for nodejs-uri-js FEDORA-2018-373bbbd408

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.8, AI score 6.5, EPSS 0.01342
Exploits: 1, References: 2

OpenVAS
added 2018/06/17 12:0 a.m., 17 views

Fedora Update for nodejs-JSV FEDORA-2018-373bbbd408

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.8, AI score 6.5, EPSS 0.01342
Exploits: 1, References: 2

OSV
added 2018/06/13 4:29 p.m., 1 views

DEBIAN-CVE-2018-7164

Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker could use this to cause a denial of service by...

CVSS 7.5, AI score 6.7, EPSS 0.06411
Exploits: 0, References: 1

OSV
added 2018/06/13 4:29 p.m., 1 views

DEBIAN-CVE-2018-7167

Calling Buffer.fill or Buffer.alloc with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc and Buffer.fill were updated so that they zero fill instead of hanging in these cases. All versions of...

CVSS 7.5, AI score 9.1, EPSS 0.07214
Exploits: 0, References: 1