4389 matches found

CNVD
added 2017/08/17 12:0 a.m. | 3 views

Joyent Node.js Express web framework cross-site scripting vulnerability

Joyent Node.js is the United States Joyent company's set of web applications built on top of the Google V8 JavaScript engine platform. The Express web framework is a lightweight web framework. A cross-site scripting vulnerability exists in Joyent Node.js in the Express web framework versions...

6.1 CVSS | 5.9 AI score | 0.01135 EPSS
Exploits 0 | References 1

OpenVAS
added 2017/08/04 12:0 a.m. | 25 views

Fedora Update for nodejs FEDORA-2017-7c1621d2e8

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 7.8 AI score | 0.0331 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2017/07/27 12:0 a.m. | 24 views

Fedora 25 : 1:nodejs (2017-81522ac6d8)

Security update. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...

7.5 CVSS | 7.5 AI score | 0.0331 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2017/07/27 12:0 a.m. | 25 views

Fedora 24 : 1:nodejs (2017-aa44293a53)

Security update. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...

7.5 CVSS | 7.5 AI score | 0.0331 EPSS
Exploits 0 | References 3

Elastic
added 2017/07/25 4:20 p.m. | 2 views

Elastic Stack 5.5.1 and Kibana 4.6.5 security update

Kibana Node.js security flaw (ESA-2017-14): The version of Node.js shipped in all versions of Kibana prior to 5.5.1 contains a Denial of Service flaw in its HashTable random seed. This flaw could allow a remote attacker to consume resources within Node.js preventing Kibana from servicing requests...

7.5 CVSS | 7.8 AI score | 0.05478 EPSS
Exploits 1

OSV
added 2017/07/25 1:29 p.m. | 0 views

UBUNTU-CVE-2017-11499

Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 were susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots...

7.5 CVSS | 7.1 AI score | 0.05478 EPSS
Exploits 1 | References 5

OSV
added 2017/07/25 1:29 p.m. | 2 views

DEBIAN-CVE-2017-11499

Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 were susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots...

7.5 CVSS | 8.5 AI score | 0.05478 EPSS
Exploits 1 | References 1

OpenVAS
added 2017/07/25 12:0 a.m. | 23 views

Fedora Update for nodejs FEDORA-2017-81522ac6d8

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 7.8 AI score | 0.0331 EPSS
Exploits 0 | References 2

OpenVAS
added 2017/07/25 12:0 a.m. | 24 views

Fedora Update for nodejs FEDORA-2017-aa44293a53

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 7.8 AI score | 0.0331 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2017/07/24 12:0 a.m. | 21 views

Fedora 26 : 1:nodejs (2017-7c1621d2e8)

Security update. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...

7.5 CVSS | 7.5 AI score | 0.0331 EPSS
Exploits 0 | References 3

OSV
added 2017/07/17 1:18 p.m. | 4 views

AZL-45075 CVE-2017-1000048 affecting package nodejs-nodemon 2.0.3-5

The web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send an evil request to cause the web framework to crash...

7.5 CVSS | 6.7 AI score | 0.02395 EPSS
Exploits 0 | References 1

ThreatPost
added 2017/04/18 1:45 p.m. | 9 views

Facebook Delegated Account Recovery SDKs Published for Java, Ruby Apps

Facebook’s Delegated Account Recovery, a protocol that allows applications to delegate account recovery permission to third-party applications, entered its beta phase today with the release of SDKs and additional support for new platforms. The feature has been running on a trial basis since late...

0.2 AI score
Exploits 0 | References 2

OSV
added 2017/03/29 11:1 a.m. | 9 views

SUSE-SU-2017:0855-1 Security update for nodejs4

This update for nodejs4 fixes the following issues: - New upstream LTS release 4.7.3 The embedded openssl sources were updated to 1.0.2k CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, bsc1022085, bsc1022086, bsc1009528 - No changes in LTS version 4.7.2 - New upstream LTS release 4.7.1 build: shared...

7.5 CVSS | 6.9 AI score | 0.57595 EPSS
Exploits 1 | References 8

Check Point Advisories
added 2017/02/23 12:0 a.m. | 5 views

Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution (CVE-2014-7205)

An unauthenticated code injection vulnerability exists in the Bassmaster Nodejs plugin for Hapi. The vulnerability is due to improper input validation within the batch endpoint. Successful exploitation could allow an attacker to execute arbitrary code...

10 CVSS | 3.1 AI score | 0.78582 EPSS
Exploits 6

Tenable Nessus
added 2017/02/21 12:0 a.m. | 67 views

openSUSE Security Update : nodejs (openSUSE-2017-284)

nodejs was updated to LTS release 4.7.3 to fix the following issues : - deps: upgrade embedded openssl sources to 1.0.2k CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, boo1022085, boo1022086, boo1009528 Changes in LTS release 4.7.1 : - build: shared library support is now working for AIX builds -...

7.5 CVSS | 7.8 AI score | 0.57595 EPSS
Exploits 1 | References 6

OSV
added 2017/02/09 10:18 a.m. | 6 views

SUSE-SU-2017:0431-1 Security update for nodejs6

This update for nodejs6 fixes the following issues: New upstream LTS release 6.9.5. The embedded openssl sources were updated to 1.0.2k CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, bsc1022085, bsc1022086, bsc1009528 Other fixes: - Add basic check that Node.js loads successfully to spec file - New...

7.5 CVSS | 6.8 AI score | 0.57595 EPSS
Exploits 1 | References 7

OSV
added 2017/01/23 9:59 p.m. | 1 views

UBUNTU-CVE-2013-7451

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag...

6.1 CVSS | 6.8 AI score | 0.01842 EPSS
Exploits 0 | References 4

OSV
added 2017/01/23 9:59 p.m. | 1 views

DEBIAN-CVE-2015-8860

The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive...

7.5 CVSS | 7.6 AI score | 0.04912 EPSS
Exploits 0 | References 1

OSV
added 2017/01/23 9:59 p.m. | 2 views

UBUNTU-CVE-2013-7454

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings...

6.1 CVSS | 6.7 AI score | 0.01842 EPSS
Exploits 0 | References 4

OSV
added 2017/01/23 9:59 p.m. | 0 views

UBUNTU-CVE-2015-8855

The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."...

7.5 CVSS | 7.1 AI score | 0.06435 EPSS
Exploits 0 | References 5