4389 matches found

Cvelist
added 2018/05/31 8:0 p.m. | 31 views

CVE-2016-10553

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier...

AI score: 9.8 | EPSS: 0.01285
Exploits: 0 | References: 2
Cvelist
added 2018/05/31 8:0 p.m. | 20 views

CVE-2016-10550

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. If user input goes into the limit or order parameters, a malicious user can put in their own SQL statements. This affects sequeliz...

AI score: 9.6 | EPSS: 0.01913
Exploits: 0 | References: 2
CVE
added 2018/05/31 8:0 p.m. | 54 views

CVE-2016-10553

CVE-2016-10553 affects the Node.js ORM sequelize. The vulnerability is a SQL Injection when user input is concatenated into queries, specifically in patterns like findOne or where: "user input". Affected versions are the pre-3.0 releases; the recommended fix is to upgrade to version 3.0.0 or lat...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.01285
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2018/05/31 8:0 p.m. | 57 views

CVE-2016-10550

The CVE-2016-10550 issue affects sequelize (ORM for Node.js) where user input into limit or order parameters can be used to inject SQL. Concrete details across documents show affected version: 3.16.0 and earlier. Root cause is improper handling of input in query construction, enabling SQL stateme...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.01913
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2018/05/31 8:0 p.m. | 58 views

CVE-2016-10554

The CVE concerns sequelize (Node.js ORM). Before 1.7.0-alpha3, sequelize defaults SQLite to MySQL backslash escaping, even though SQLite uses PostgreSQL escaping, creating a SQL injection risk when Sequelize connects to SQLite. Affected: sequelize versions prior to 1.7.0-alpha3. Root cause: escap...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.01913
Exploits: 0 | References: 2 | Affected Software: 1
Tenable Nessus
added 2018/05/31 12:0 a.m. | 27 views

Fedora 27 : nodejs-base64-url (2018-6f962c5533)

Security fix for https://snyk.io/vuln/npm:base64url:20180511 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing addition...

AI score: 5.5
Exploits: 0 | References: 2
OpenVAS
added 2018/05/31 12:0 a.m. | 9 views

Fedora Update for nodejs-base64-url FEDORA-2018-b64b73ae61

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score: 7.5
Exploits: 0 | References: 2
OpenVAS
added 2018/05/31 12:0 a.m. | 18 views

Fedora Update for nodejs-mixin-deep FEDORA-2018-ab62814cee

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.02123
Exploits: 1 | References: 2
OpenVAS
added 2018/05/31 12:0 a.m. | 10 views

Fedora Update for nodejs-base64-url FEDORA-2018-6f962c5533

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score: 7.5
Exploits: 0 | References: 2
Fedora
added 2018/05/30 2:33 p.m. | 20 views

[SECURITY] Fedora 27 Update: nodejs-base64-url-2.2.0-1.fc27

Base64 encode, decode, escape and unescape for URL applications...

AI score: 1.5
Exploits: 0
Fedora
added 2018/05/30 2:11 p.m. | 34 views

[SECURITY] Fedora 28 Update: nodejs-mixin-deep-1.3.1-1.fc28

Deeply mix the properties of objects into the first object. Like merge-deep, but doesn't clone...

CVSS: 8.8 | AI score: 3 | EPSS: 0.02123
Exploits: 1
NVD
added 2018/05/29 8:29 p.m. | 23 views

CVE-2016-10578

unicode loads unicode data downloaded from unicode.org into nodejs. Unicode before 9.0.0 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks...

CVSS: 8.1 | AI score: 8 | EPSS: 0.00578
Exploits: 0 | References: 1
NVD
added 2018/05/29 8:29 p.m. | 18 views

CVE-2016-10593

ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. Before 2.5.6, it may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker...

CVSS: 9.3 | AI score: 8.4 | EPSS: 0.02336
Exploits: 0 | References: 4
OSV
added 2018/05/29 8:29 p.m. | 15 views

CVE-2016-10578

unicode loads unicode data downloaded from unicode.org into nodejs. Unicode before 9.0.0 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks...

CVSS: 8.1 | AI score: 8.2
Exploits: 0 | References: 1
Prion
added 2018/05/29 8:29 p.m. | 14 views

Code injection

unicode loads unicode data downloaded from unicode.org into nodejs. Unicode before 9.0.0 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks...

CVSS: 6.8 | AI score: 7 | EPSS: 0.00578
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2018/05/29 8:29 p.m. | 16 views

Sql injection

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This...

CVSS: 5 | AI score: 8 | EPSS: 0.01342
Exploits: 1 | References: 2 | Affected Software: 1
Prion
added 2018/05/29 8:29 p.m. | 10 views

Remote code execution

ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. Before 2.5.6, it may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker...

CVSS: 9.3 | AI score: 8.1 | EPSS: 0.02336
Exploits: 0 | References: 4 | Affected Software: 1
NVD
added 2018/05/29 8:29 p.m. | 22 views

CVE-2016-10556

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.01342
Exploits: 1 | References: 2
Cvelist
added 2018/05/29 8:0 p.m. | 20 views

CVE-2016-10593

ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. Before 2.5.6, it may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker...

AI score: 8.4 | EPSS: 0.02336
Exploits: 0 | References: 4
CVE
added 2018/05/29 8:0 p.m. | 54 views

CVE-2016-10578

CVE-2016-10578 concerns the unicode package used with Node.js. It states that unicode loads data from unicode.org and, prior to version 9.0.0, downloads binary resources over HTTP, enabling a network attacker to modify or read resources (MitM). According to connected advisories, this can lead to ...

CVSS: 8.1 | AI score: 7.9 | EPSS: 0.00578
Exploits: 0 | References: 1 | Affected Software: 1