Security update for nodejs14 (important)

openSUSE Security Update: Security update for nodejs14 Announcement ID: openSUSE-SU-2021:3211-1 Rating: important References: 1188881 1188917 1189368 1189369 1189370 Cross-References: CVE-2021-22930 CVE-2021-22931 CVE-2021-22939 CVE-2021-22940 CVE-2021-3672 CVSS scores: CVE-2021-22930 SUSE: 9.1...

RHEL 8 : nodejs:12 (RHSA-2021:3623)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3623 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS

A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability...

undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS

A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability...

openSUSE 15 Security Update : nodejs10 (openSUSE-SU-2021:1239-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1239-1 advisory. - nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930 - Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to...

Security update for nodejs10 (moderate)

openSUSE Security Update: Security update for nodejs10 Announcement ID: openSUSE-SU-2021:1239-1 Rating: moderate References: 1188881 1188917 1189369 1189370 Cross-References: CVE-2021-22930 CVE-2021-22931 CVE-2021-22939 CVE-2021-3672 CVSS scores: CVE-2021-22930 SUSE: 9.1...

openSUSE: Security Advisory for nodejs10 (openSUSE-SU-2021:2953-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE-SU-2021:2954-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2021-33193: Fixed request splitting via HTTP/2 method injection and modproxy bsc1189387...

Security update for nodejs10 (moderate)

openSUSE Security Update: Security update for nodejs10 Announcement ID: openSUSE-SU-2021:2953-1 Rating: moderate References: 1188881 1188917 1189369 1189370 Cross-References: CVE-2021-22930 CVE-2021-22931 CVE-2021-22939 CVE-2021-3672 CVSS scores: CVE-2021-22930 SUSE: 9.1...

openSUSE: Security Advisory for nodejs12 (openSUSE-SU-2021:1214-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2021:1214-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: Update to 12.22.5: - CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names bsc1189370, bsc1188881 - CVE-2021-22940: Use after free on close http2 on stream canceling bsc1189368 - CVE-2021-22939: Incomplete...

nodejs: Use-after-free on close http2 on stream canceling

A flaw was found in Node.js, where it is vulnerable to a use-after-free attack. This flaw allows an attacker to exploit the memory corruption, which causes a change in the process behavior. The highest threat from this vulnerability is to confidentiality and integrity...

SUSE: Security Advisory (SUSE-SU-2021:2824-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2021:2790-1 Security update for nodejs8

This update for nodejs8 fixes the following issues: - CVE-2021-22930: http2: fixes use after free on close in stream canceling bsc1188917...

SUSE: Security Advisory (SUSE-SU-2021:2790-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Node.js 12.x, 14.x, 16.x Multiple Vulnerabilities (Aug 2021) - Windows

Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...

Node.js -- August 2021 Security Releases

Node.js reports: cares upgrade - Improper handling of untypical characters in domain names High CVE-2021-22931 Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing input validation of host names returned by Domain Name Servers in the Node.js DNS library which c...

Oracle Linux 8 : olcne (ELSA-2021-9398)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9398 advisory. - Address Istio CVE's CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824 - Address CVE-2021-28683,...

Oracle Linux 7 : olcne (ELSA-2021-9399)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9399 advisory. - Address Istio CVE's CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824 - Address CVE-2021-28683,...

Oracle Linux 7 : olcne (ELSA-2021-9397)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9397 advisory. - Address Istio CVE's CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824 istio - Address CVE-2021-28683,...