
4389 matches found

OSV
added 2014/10/19 1:55 a.m., 1 view

UBUNTU-CVE-2014-7191

The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array...

5 CVSS, 7.1 AI score, 0.08309 EPSS
Exploits: 0, References: 4

OSV
added 2014/10/08 5:55 p.m., 1 view

DEBIAN-CVE-2014-6394

visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory...

7.5 CVSS, 6.7 AI score, 0.04257 EPSS
Exploits: 1, References: 1

OpenVAS
added 2014/10/07 12:0 a.m., 27 views

Fedora Update for nodejs-qs FEDORA-2014-11399

Check the version of nodejs-qs. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.868363");...

5 CVSS, 8.7 AI score, 0.08309 EPSS
Exploits: 0, References: 2

OpenVAS
added 2014/10/07 12:0 a.m., 30 views

Fedora Update for nodejs-send FEDORA-2014-11421

Check the version of nodejs-send. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.868365");...

7.5 CVSS, 6.4 AI score, 0.04257 EPSS
Exploits: 1, References: 2

OpenVAS
added 2014/10/07 12:0 a.m., 25 views

Fedora Update for nodejs-qs FEDORA-2014-11376

Check the version of nodejs-qs. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.868364");...

5 CVSS, 8.7 AI score, 0.08309 EPSS
Exploits: 0, References: 2

OpenVAS
added 2014/10/07 12:0 a.m., 25 views

Fedora Update for nodejs-send FEDORA-2014-11495

Check the version of nodejs-send. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.868362");...

7.5 CVSS, 6.4 AI score, 0.04257 EPSS
Exploits: 1, References: 2

Fedora
added 2014/10/06 5:6 a.m., 24 views

[SECURITY] Fedora 20 Update: nodejs-send-0.3.0-4.fc20

Send is Connect's static() extracted for generalized use, a streaming static file server supporting partial responses (Ranges), conditional-GET negotiation, high test coverage, and granular events which may be leveraged to take appropriate actions in your application or framework...

7.5 CVSS, 1.9 AI score, 0.04257 EPSS
Exploits: 1

Fedora
added 2014/10/06 5:4 a.m., 32 views

[SECURITY] Fedora 20 Update: nodejs-qs-0.6.6-3.fc20

This is a query string parser for node and the browser supporting nesting, as it was removed from 0.3.x, so this library provides the previous and commonly desired behavior (and twice as fast). Used by express, connect and others...

5 CVSS, 3.5 AI score, 0.08309 EPSS
Exploits: 0

Fedora
added 2014/10/06 5:4 a.m., 29 views

[SECURITY] Fedora 19 Update: nodejs-qs-0.6.6-3.fc19

This is a query string parser for node and the browser supporting nesting, as it was removed from 0.3.x, so this library provides the previous and commonly desired behavior (and twice as fast). Used by express, connect and others...

5 CVSS, 3.5 AI score, 0.08309 EPSS
Exploits: 0

Fedora
added 2014/10/06 5:0 a.m., 28 views

[SECURITY] Fedora 19 Update: nodejs-send-0.3.0-4.fc19

Send is Connect's static() extracted for generalized use, a streaming static file server supporting partial responses (Ranges), conditional-GET negotiation, high test coverage, and granular events which may be leveraged to take appropriate actions in your application or framework...

7.5 CVSS, 1.9 AI score, 0.04257 EPSS
Exploits: 1

Tenable Nessus
added 2014/10/06 12:0 a.m., 27 views

Fedora 20 : nodejs-qs-0.6.6-3.fc20 (2014-11376)

The qs module has the ability to create sparse arrays during parsing. By specifying a high index it is possible to create a large array that will eventually take up all the allocated memory of the running process, resulting in a crash. More information:...

5 CVSS, 7.2 AI score, 0.08309 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2014/10/06 12:0 a.m., 27 views

Fedora 19 : nodejs-send-0.3.0-4.fc19 (2014-11495)

When relying on the root option to restrict file access it may be possible for an application consumer to escape out of the restricted directory and access files in a similarly named directory. For example, static(dirname + '/public') would allow access to dirname + '/public-restricted'...

7.5 CVSS, 5.4 AI score, 0.04257 EPSS
Exploits: 1, References: 4

Tenable Nessus
added 2014/10/06 12:0 a.m., 30 views

Fedora 19 : nodejs-qs-0.6.6-3.fc19 (2014-11399)

The qs module has the ability to create sparse arrays during parsing. By specifying a high index it is possible to create a large array that will eventually take up all the allocated memory of the running process, resulting in a crash. More information:...

5 CVSS, 7.2 AI score, 0.08309 EPSS
Exploits: 0, References: 4

OpenVAS
added 2014/10/01 12:0 a.m., 32 views

Fedora Update for nodejs FEDORA-2014-11065

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description)...

7.5 CVSS, 6.4 AI score, 0.05428 EPSS
Exploits: 1, References: 2

OpenVAS
added 2014/10/01 12:0 a.m., 29 views

Fedora Update for nodejs FEDORA-2014-10975

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description)...

7.5 CVSS, 6.4 AI score, 0.05428 EPSS
Exploits: 1, References: 2

Fedora
added 2014/09/29 4:3 a.m., 18 views

[SECURITY] Fedora 21 Update: nodejs-send-0.3.0-4.fc21

Send is Connect's static() extracted for generalized use, a streaming static file server supporting partial responses (Ranges), conditional-GET negotiation, high test coverage, and granular events which may be leveraged to take appropriate actions in your application or framework...

1.9 AI score
Exploits: 0

Fedora
added 2014/09/29 4:2 a.m., 15 views

[SECURITY] Fedora 21 Update: nodejs-qs-0.6.6-3.fc21

This is a query string parser for node and the browser supporting nesting, as it was removed from 0.3.x, so this library provides the previous and commonly desired behavior (and twice as fast). Used by express, connect and others...

3.5 AI score
Exploits: 0

Tenable Nessus
added 2014/09/29 12:0 a.m., 31 views

Fedora 21 : nodejs-qs-0.6.6-3.fc21 (2014-11309)

The qs module has the ability to create sparse arrays during parsing. By specifying a high index it is possible to create a large array that will eventually take up all the allocated memory of the running process, resulting in a crash. More information:...

5.4 AI score
Exploits: 0, References: 3

Tenable Nessus
added 2014/09/29 12:0 a.m., 23 views

Fedora 21 : nodejs-send-0.3.0-4.fc21 (2014-11289)

When relying on the root option to restrict file access it may be possible for an application consumer to escape out of the restricted directory and access files in a similarly named directory. For example, static(dirname + '/public') would allow access to dirname + '/public-restricted'...

7.5 CVSS, 5.4 AI score, 0.04257 EPSS
Exploits: 1, References: 4

Node JS Blog
added 2014/06/16 12:0 a.m., 56 views

OpenSSL and Breaking UTF-8 Change (fixed in Node v0.8.27 and v0.10.29)

Today we are releasing new versions of Node: node-v0.8.27, node-v0.10.29. First and foremost these releases address the current OpenSSL vulnerability CVE-2014-0224, for both 0.8 and 0.10 we've upgraded the version of the bundled...

7.4 CVSS, 7.6 AI score, 0.95326 EPSS
Exploits: 9