[SECURITY] Fedora 27 Update: nodejs-8.11.3-1.fc27
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
Node.js third-party modules: stored XSS in scrape-metadata when reading metadata from an HTML page
Hi. Module: scrape-metadata (https://www.npmjs.com/package/scrape-metadata). Module Description: a module used to scrape meta data contents from an article. Vulnerability Description: It was possible to embed malicious JS code in metadata content read by scrape-metadata. When the library reads such metadata,...
Fresh Denial of Service Vulnerability
Fresh is a Node.js module that uses request and response headers to detect response freshness. A security vulnerability exists in Fresh. An attacker can exploit the vulnerability with the help of specially crafted inputs to cause a denial of service...
Debug Module Denial of Service Vulnerability
debug module is a module for debugging JavaScript utilities in Node.js. A security vulnerability exists in the debug module. An attacker can exploit this vulnerability to cause a denial of service with untrusted user input...
String Module Denial of Service Vulnerability
The string module is a lightweight JavaScript library that provides additional String methods for Node.js. A security vulnerability exists in the string module. An attacker can exploit this vulnerability to cause a denial of service with the help of untrustworthy specially crafted input...
CVE-2018-12519
An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file that contains a JavaScript payload to steal a user's credentials...
Hardcoded credentials
An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file that contains a JavaScript payload to steal a user's credentials...
CVE-2018-12519
Summary of CVE-2018-12519 : ShopNx (AngularJS/Node.js/MongoDB-based single-page shopping app) up to 2017-11-17 is vulnerable to an arbitrary file upload in the server-side application. The vulnerability allows a remote attacker to upload a malicious HTML file containing JavaScript payloads, enabl...
Joyent Node.js Denial of Service Vulnerability
Joyent Node.js is the United States Joyent company's set of web applications built on top of the Google V8 JavaScript engine platform. The platform is primarily used for building highly scalable applications and writing code that can handle tens of thousands of simultaneous connections to a singl...
[SECURITY] Fedora 28 Update: nodejs-8.11.3-1.fc28
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
Security Bulletin: Multiple vulnerabilities in IBM Business Process Manager shipped with IBM Cloud Orchestrator and IBM SmartCloud Orchestrator
Summary IBM Business Process Manager is shipped as a component of IBM Cloud Orchestrator, IBM Cloud Orchestrator Enterprise, IBM SmartCloud Orchestrator, and IBM SmartCloud Orchestrator Enterprise. Vulnerability Details Review the following security bulletins for IBM Business Process Manager for...
[SECURITY] Fedora 27 Update: nodejs-uri-js-4.2.2-2.fc27
URI.js is an RFC 3986 compliant, scheme extendable URI parsing/validating/resolving library for all JavaScript environments (browsers, Node.js, etc.)...
Security Bulletin: Buffer overflow in V8
Summary Under certain conditions, V8 may improperly expand memory allocations in the Zone::New function. This could potentially be used to cause a Denial of Service via buffer overflow or as a trigger for a remote code execution. Vulnerability Details CVEID: CVE-2016-1669 DESCRIPTION: Google Chro...
Security Bulletin: Multiple OpenSSL vulnerabilities in Node.js included in Rational Application Developer for WebSphere Software
Summary Multiple OpenSSL vulnerabilities in Node.js were found on May 3, 2016. Vulnerability Details CVEID: CVE-2016-2107 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error when the connection uses an AES CBC cipher and the server supports AES-NI...
Security Bulletin: Two ReDoS vulnerabilities in modules included in the Node.js npm tool
Summary Two ReDoS vulnerabilities in modules included in the Node.js npm tool shipped by IBM Rational Application Developer for WebSphere Software. Vulnerability Details CVEID: CVE-2016-2515 DESCRIPTION: Node.JS hawk is vulnerable to a denial of service, caused by an error in the regular expressi...
Security Bulletin: node-uuid unsafe fallback to Math.random (CVE-2015-8851)
Summary A vulnerability in the node-uuid module causes the module to fall back on Math.random under certain circumstances, which leads to predictable UUIDs. The node-uuid module is used by the Node.js Package Manager npm. Vulnerability Details CVEID: CVE-2015-8851 DESCRIPTION: node.js node-uuid...
Security Bulletin: Node.js Package Manager (npm) Bearer Token Vulnerability affects IBM Rational Application Developer for WebSphere Software (CVE-2016-3956)
Summary A vulnerability in the Node Package Manager's use of HTTP bearer tokens affects IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2016-3956 DESCRIPTION: npm could allow a remote attacker to obtain sensitive information, caused by the unintentional leakage of bearer tokens from the...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational Application Developer for WebSphere Software (CVE-2016-2842)
Summary OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL project. OpenSSL is used by the Cordova tools in IBM Rational Application Developer for WebSphere Software. IBM Rational Application Developer for WebSphere Software has addressed the applicable CVEs. Vulnerability...
Security Bulletin: Rational Application Developer for WebSphere Software in Cordova platform (CVE-2014-3513, CVE-2014-3567, CVE-2014-3568)
Summary OpenSSL support for SSL 3.0 fallback protection + other 3 CVEs that affect the IBM SDK for Node.js used by the Cordova platform packaged with IBM Rational Application Developer for WebSphere Software. Vulnerability Details...