4389 matches found
UBUNTU-CVE-2015-8855
The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service CPU consumption via a long version string, aka a "regular expression denial of service ReDoS."...
AZL-45024 CVE-2015-8859 affecting package nodejs-nodemon 2.0.3-5
The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors...
nodejs: reason argument in ServerResponse#writeHead() not properly validated
It was found that the reason argument in ServerResponsewriteHead was not properly validated. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially-crafted HTTP request...
Node.js: Multiple vulnerabilities
Background Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine. Description Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly cause a Denial of Service condition, or...
Fedora Update for nodejs FEDORA-2016-43ff70c6b1
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for nodejs FEDORA-2016-861b8c46b7
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for nodejs-tough-cookie FEDORA-2016-286a8ec5b0
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for nodejs FEDORA-2016-7a3a0f0198
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Red Hat OpenShift Container Platform nodejs Denial of Service Vulnerability
Red Hat OpenShift Container Platform is a Red Hat application platform that enables organizations to develop, deploy, and manage existing container-based applications across physical, virtual, and public cloud infrastructures. nodejs is a web application platform built on top of Google's V8...
openSUSE Security Update : nodejs (openSUSE-2016-1277)
This update for nodejs fixes the following issues : - New upstream LTS version 4.6.1 - c-ares : + CVE-2016-5180: fix for single-byte buffer overwrite - Fix nodejs-libpath.patch so ppc doesn't fail to build %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package check...
Bassmaster 1.5.1 - Batch Arbitrary JavaScript Injection Remote Code Execution (Metasploit)
require 'msf/core' class MetasploitModule 'Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution', 'Description' = %q This module exploits an un-authenticated code injection vulnerability in the bassmaster nodejs plugin for hapi. The vulnerability is within the batch endpoint and...
Fedora 24 : 1:nodejs (2016-7a3a0f0198)
Update to 4.6.1 security Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...
Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution
require 'msf/core' class MetasploitModule 'Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution', 'Description' = %q This module exploits an un-authenticated code injection vulnerability in the bassmaster nodejs plugin for hapi. The vulnerability is within the batch endpoint and...
Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution Exploit
This module exploits an un-authenticated code injection vulnerability in the bassmaster nodejs plugin for hapi. The vulnerability is within the batch endpoint and allows an attacker to dynamically execute JavaScript code on the server side using an eval. Note that the code uses a '\x2f' character...
Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution
This module exploits an un-authenticated code injection vulnerability in the bassmaster nodejs plugin for hapi. The vulnerability is within the batch endpoint and allows an attacker to dynamically execute JavaScript code on the server side using an eval. Note that the code uses a '\x2f' character...
openSUSE: Security Advisory for nodejs (openSUSE-SU-2016:2496-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 24 : 1:nodejs (2016-861b8c46b7)
https://nodejs.org/en/blog/release/v4.6.0/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Security update for nodejs (important)
This update brings the new upstream nodejs LTS version 4.6.0, fixing bugs and security issues: Nodejs embedded openssl version update + upgrade to 1.0.2j CVE-2016-6304, CVE-2016-2183, CVE-2016-2178, CVE-2016-6306, CVE-2016-7052 + remove support for dynamic 3rd party engine modules http: Properly...
SUSE-SU-2016:2470-1 Security update for nodejs4
This update brings the new upstream nodejs LTS version 4.6.0, fixing bugs and security issues: Nodejs embedded openssl version update + upgrade to 1.0.2j CVE-2016-6304, CVE-2016-2183, CVE-2016-2178, CVE-2016-6306, CVE-2016-7052 + remove support for dynamic 3rd party engine modules http: Properly...
SUSE-SU-2016:2470-2 Security update for nodejs4
This update brings the new upstream nodejs LTS version 4.6.0, fixing bugs and security issues: Nodejs embedded openssl version update + upgrade to 1.0.2j CVE-2016-6304, CVE-2016-2183, CVE-2016-2178, CVE-2016-6306, CVE-2016-7052 + remove support for dynamic 3rd party engine modules http: Properly...