[SECURITY] Fedora 26 Update: nodejs-6.11.1-1.fc26
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
Multiple Node.js Vulnerabilities | Cloud Foundry
Severity: High. Vendor: Node.js. Versions Affected: Node.js 4.x versions prior to 4.8.4, 6.x versions prior to 6.11.1, 7.x versions prior to 7.10.1, 8.x versions prior to 8.1.4. Description: All current versions of v4.x through to v8.x inclusive are vulnerable to an issue that can be used by an external...
FreeBSD : node.js -- multiple vulnerabilities (3eff66c5-66c9-11e7-aa1d-3d2e663cef42)
Updates are now available for all active Node.js release lines as well as the 7.x line. These include the fix for the high severity vulnerability identified in the initial announcement, one additional lower priority Node.js vulnerability in the 4.x release line, as well as some lower priority fix...
Updated nodejs packages fix security vulnerability
Node.js has a defect that may make HTTP response splitting possible under certain circumstances. If user input is passed to the reason argument to writeHead on an HTTP response, a new-line character may be used to inject additional responses (CVE-2016-5325). The tls.checkServerIdentity function in...
Security updates for all active release lines, July 2017
Update 10-August-2017: Snapshots Re-enabled on 8.3.0. The vulnerability has been patched upstream and snapshots have been re-enabled in 8.3.0. Expect a backport and update with the next release of 6.x. Download Node.js v8 Current Update...
node.js -- multiple vulnerabilities
Updates are now available for all active Node.js release lines as well as the 7.x line. These include the fix for the high severity vulnerability identified in the initial announcement, one additional lower priority Node.js vulnerability in the 4.x release line, as well as some lower priority fix...
DNS Reconnaissance: AQUATONE
DNS Reconnaissance AQUATONE is a set of tools for performing reconnaissance on domain names. It can discover subdomains on a given domain by using open sources as well as the more common subdomain dictionary brute force approach. After subdomain discovery, AQUATONE can then scan the hosts for...
pwned - A command-line tool for querying the 'Have I been pwned?' service
A command-line tool for querying Troy Hunt's Have I been pwned? service using the hibp Node.js module. Installation: npm install pwned -g. Usage: pwned option | command. Commands: ba options get all breaches for an account username or email address breaches options get all breaches in the...
CVE-2017-7474
It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks...
Authentication flaw
It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks...
CVE-2017-7474
CVE-2017-7474 affects the Keycloak Node.js adapter (versions 2.5–3.0). The root cause is improper handling of invalid tokens, which could allow an attacker to bypass authentication and access restricted information, or conduct further attacks. Public references describe this as an authentication ...
Important: Red Hat Security Advisory: Red Hat Single Sign-On Node.js adapter security update
An update to the Node.js adapter for Red Hat Single Sign-On 7.1 is now available from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
CVE-2017-7474
It was found that the Keycloak Node.js adapter did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks...
Web Exploit Detector - Tool To Detect Possible Infections, Malicious Code And Suspicious Files In Web Hosting Environments
The Web Exploit Detector is a Node.js application and NPM module used to detect possible infections, malicious code and suspicious files in web hosting environments. This application is intended to be run on web servers hosting one or more websites. Running the application will generate a list of...
Mapbox: Node modules path disclosure due to lack of error handling
On May 2nd, 2017 @apapedulimu reported an issue where changing a POST request to a GET request on one of our integration servers returned a full error stack trace rather than an HTTP 404 error. The full error stack trace revealed the full path of the Node.js modules directory on the integration...
Node.js Security Scanner: Web Exploit Detector
The Web Exploit Detector is a Node.js application and NPM module used to detect possible infections, malicious code and suspicious files in web hosting environments. This application is intended to be run on web servers hosting one or more websites...
Nvidia GeForce Experience Node.js security vulnerability
Application Whitelisting Application whitelisting is an important security concept which can be found in many environments during penetration testing. The basic idea is to create a whitelist of allowed applications and after that only allow the execution of applications which can be found in that...
openSUSE Security Update : nodejs4 (openSUSE-2017-442)
This update for nodejs4 fixes the following issues: - New upstream LTS release 4.7.3. The embedded openssl sources were updated to 1.0.2k (CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, bsc1022085, bsc1022086, bsc1009528) - No changes in LTS version 4.7.2 - New upstream LTS release 4.7.1 - build:...
math.js remote code execution vulnerability
This article explains in short how we found, exploited and reported a remote code execution (RCE) vulnerability. It is meant to be a guide to finding vulnerabilities, as well as reporting them in a responsible manner. Step one: discovery. While playing around with a wrapper of the math.js API...