66 matches found
Updated nodejs packages fix security vulnerability
Improper handling of URI Subject Alternative Names (Medium). Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js was accepting URI SAN types, which PKIs are often n...
CVE-2021-44533
A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries...
Description of the security update for SharePoint Server 2019 Language Pack: January 11, 2022 (KB5002108)
Description of the security update for SharePoint Server 2019 Language Pack: January 11, 2022 (KB5002108). Summary: This security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures...
PT-2021-19922 · Envoy · Envoy
Name of the Vulnerable Software and Affected Versions: Envoy versions 1.16.5 through 1.19.0. Description: The issue affects Envoy, an open source L7 proxy and communication bus. In the affected versions, when the ext-authz extension sends request headers to the external authorization service, it...
CVE-2021-34555
OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field...
SS-2018-017: Possible PHP Object Injection via Multi-Value Field Extension
More info at https://www.silverstripe.org/download/security-releases/ss-2018-017/...
[SECURITY] [DSA 4191-2] redmine regression update
Debian Security Advisory DSA-4191-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 03, 2018 https://www.debian.org/security/faq -...
Redmine cross-site scripting vulnerability (CNVD-2017-31960)
Redmine is a set of open source Web-based project management and defect tracking tools. The tool provides project management, issue tracking and role-based access control and other features. A cross-site scripting vulnerability exists in the app/helpers/applicationhelper.rb file in Redmine...
Redmine cross-site scripting vulnerability (CNVD-2017-31959)
Redmine is a set of open source Web-based project management and defect tracking tools. The tool provides project management, issue tracking and role-based access control and other features. A cross-site scripting vulnerability exists in the app/helpers/querieshelper.rb file in Redmine version...
CVE-2017-15568
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/applicationhelper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history...
CVE-2017-15569
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/querieshelper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list...
UBUNTU-CVE-2017-15569
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/querieshelper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list...
Design/Logic Flaw
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/applicationhelper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history...