
7865 matches found

NVD
added 2017/11/17 12:29 a.m., 9 views

CVE-2017-1000219

npm/KyleRoss windows-cpu all versions vulnerable to command injection resulting in code execution as Node.js user...

CVSS: 9.8, AI score: 9.9, EPSS: 0.03342
Exploits: 1, References: 1
CVE
added 2017/11/17 12:0 a.m., 63 views

CVE-2017-1000219

CVE-2017-1000219 (npm/kyleRoss windows-cpu) : All versions vulnerable to command injection causing remote code execution as the Node.js user. The technical basis is that the package’s findLoad method passes user input directly to the shell without validation, enabling arbitrary commands. Document...

CVSS: 9.8, AI score: 9.8, EPSS: 0.03342
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2017/11/17 12:0 a.m., 12 views

CVE-2017-1000219

npm/KyleRoss windows-cpu all versions vulnerable to command injection resulting in code execution as Node.js user...

AI score: 9.9, EPSS: 0.03342
Exploits: 1, References: 1
OSV
added 2017/11/15 8:41 p.m., 12 views

GHSA-MW35-24GH-F82W keycloak-connect and keycloak-js improperly handle invalid tokens

It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks...

CVSS: 9.8, AI score: 9.7, EPSS: 0.01726
Exploits: 0, References: 3
Github Security Blog
added 2017/11/15 8:41 p.m., 23 views

keycloak-connect and keycloak-js improperly handle invalid tokens

It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks...

CVSS: 9.8, AI score: 9.2, EPSS: 0.01726
Exploits: 0, References: 4, Affected Software: 2
Fedora
added 2017/11/15 8:21 p.m., 27 views

[SECURITY] Fedora 26 Update: nodejs-6.11.5-1.fc26

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

CVSS: 7.5, AI score: 1.6, EPSS: 0.00556
Exploits: 0
Tenable Nessus
added 2017/11/08 12:0 a.m., 23 views

Fedora 25 : 1:nodejs (2017-c582c1e728)

2017-10-24, Version 6.11.5 'Boron' LTS, @MylesBorins This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/oct-2017-dos/ for details on patched vulnerabilities. Notable Changes - zlib : - CVE-2017-14919 - In zlib...

CVSS: 7.5, AI score: 7.8, EPSS: 0.00556
Exploits: 0, References: 3
Fedora
added 2017/11/07 11:41 p.m., 26 views

[SECURITY] Fedora 25 Update: nodejs-6.11.5-1.fc25

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

CVSS: 7.5, AI score: 1.6, EPSS: 0.00556
Exploits: 0
seebug.org
added 2017/11/07 12:0 a.m., 134 views

Node.js arbitrary file read Vulnerability (CVE-2017-14849)

Author: niubl@TSRC 1. Vulnerability description 2017 9 November 28, the company scanner found a business there is an example of the arbitrary file read vulnerability, the team follow-up analysis found that this is the Node.js and Express the common result of a Common Vulnerability. As we prepare...

CVSS: 5, AI score: 7.6, EPSS: 0.90232
Exploits: 2
OSV
added 2017/10/30 7:29 p.m., 1 view

ALPINE-CVE-2017-14919

Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service uncaught exception and crash by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter...

CVSS: 7.5, AI score: 8.6, EPSS: 0.00556
Exploits: 0, References: 1
Prion
added 2017/10/30 7:29 p.m., 22 views

Code injection

Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service uncaught exception and crash by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter...

CVSS: 5, AI score: 7.3, EPSS: 0.00556
Exploits: 0, References: 5, Affected Software: 1
UbuntuCve
added 2017/10/30 7:29 p.m., 23 views

CVE-2017-14919

Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service uncaught exception and crash by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00556
Exploits: 0, References: 2
NVD
added 2017/10/30 7:29 p.m., 12 views

CVE-2017-14919

Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service uncaught exception and crash by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00556
Exploits: 0, References: 5
OSV
added 2017/10/30 7:29 p.m., 17 views

CVE-2017-14919

Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service uncaught exception and crash by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter...

CVSS: 7.5, AI score: 6.7
Exploits: 0, References: 5
Cvelist
added 2017/10/30 7:0 p.m., 24 views

CVE-2017-14919

Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service uncaught exception and crash by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter...

AI score: 7.3, EPSS: 0.00556
Exploits: 0, References: 5
Debian CVE
added 2017/10/30 7:0 p.m., 24 views

CVE-2017-14919

Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service uncaught exception and crash by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter...

CVSS: 7.5, AI score: 7.5, EPSS: 0.00556
Exploits: 0
CVE
added 2017/10/30 7:0 p.m., 130 views

CVE-2017-14919

CVE-2017-14919 : Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 permit a denial of service via the zlib windowBits parameter set to 8, triggering an uncaught exception and crash. The vulnerability arises from an invalid windowBits value being accepted by the zlib module, leading to...

CVSS: 7.5, AI score: 7.2, EPSS: 0.00556
Exploits: 0, References: 5, Affected Software: 1
AlpineLinux
added 2017/10/30 7:0 p.m., 33 views

CVE-2017-14919

Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service uncaught exception and crash by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter...

CVSS: 7.5, AI score: 7.4, EPSS: 0.00556
Exploits: 0
Node JS Blog
added 2017/10/30 12:0 a.m., 33 views

OpenSSL update, 1.0.2m

OpenSSL update, 1.0.2m Update 8-Nov-2017 Node.js Releases Releases were made available for active lines yesterday, each including the OpenSSL 1.0.2m update. As we have not categorized these strictly as security releases they also contain other minor fixes and additions as per our regular release...

CVSS: 6.5, AI score: 7.1, EPSS: 0.3862
Exploits: 0
ThreatPost
added 2017/10/27 12:28 p.m., 32 views

Google Patches ‘High Severity’ Browser Bug

UPDATE Google is urging users to update their Chrome desktop browsers to avoid security issues related to a high-severity stack-based buffer overflow vulnerability. Google issued the alert Thursday and said an update for most browsers has been released. “The stable channel has been updated to...

CVSS: 4.3, AI score: 8.2, EPSS: 0.19092
Exploits: 5, References: 8