CVE-2016-7099
The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate...
Security updates for all active release lines, September 2016
(Update 27-September-2016) Releases available: Updates are now available for all active Node.js release lines. These include the recently published versions of OpenSSL 1.0.1 and 1.0.2 as well as fixes for some Node.js-specific...
[SECURITY] Fedora 23 Update: nodejs-string-dot-prototype-dot-repeat-0.2.0-2.fc23
A robust & optimized String.prototype.repeat polyfill, based on the ECMAScript 6 specification...
MITM BLE Security Assessment: gattacker
A Node.js package for BLE (Bluetooth Low Energy) Man-in-the-Middle & more. The tool creates an exact copy of the attacked device in the Bluetooth layer, and then tricks the mobile application into interpreting its broadcasts and connecting to it instead of the original device. At the same time, i...
IBM SDK for Node.js Local Denial of Service Vulnerability
IBM is an information technology and business solutions company. A local denial of service vulnerability exists in IBM SDK for Node.js, which could allow an attacker to crash the application, resulting in a denial of service to legitimate users...
Bluetooth Smart MITM Framework: BtleJuice
BtleJuice is a complete framework to perform Man-in-the-Middle attacks on Bluetooth Smart devices (also known as Bluetooth Low Energy). It is composed of: an interception core, an interception proxy, a dedicated web interface, and Python and Node.js bindings. How to install...
[SECURITY] Fedora 24 Update: nodejs-tough-cookie-2.3.1-1.fc24
RFC6265 Cookies and Cookie Jar for Node.js...
Fedora 24 : 1:nodejs (2016-c36ab3e363)
https://github.com/nodejs/node/blob/v4.4.4/CHANGELOG.md https://nodejs.org/en/blog/vulnerability/openssl-may-2016/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and form...
Joyent Node.js npm Information Disclosure Vulnerability
Joyent Node.js is the United States Joyent company's set of web applications built on Google V8 JavaScript engine on top of the platform. npm is one of the package management and distribution tools. An information disclosure vulnerability exists in the CLI of npm versions prior to 2.15.1 and 3.x...
Moderate: Red Hat Security Advisory: nodejs010-node-gyp and nodejs010-nodejs-qs security and bug fix update
An update for nodejs010-node-gyp and nodejs010-nodejs-qs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
CVE-2016-3956
The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers...
CVE-2016-3956
CVE-2016-3956 describes an HTTP bearer token leak in the npm CLI, allowing a remote attacker to obtain sensitive information via Authorization headers. Affected npm versions include prior to 2.15.1 and 3.x prior to 3.8.3, used with Node.js 0.10 (before 0.10.44), 0.12 (before 0.12.13), 4 (before 4...
[SECURITY] Fedora 24 Update: nodejs-4.4.6-2.fc24
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
[SECURITY] Fedora 24 Update: nodejs-4.4.4-1.fc24
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
SOL23230229 - OpenSSL vulnerability CVE-2016-2109
Vulnerability Recommended Actions: If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...
Linux Foundation Badge Program Boost Open Source Security
The Linux Foundation says a new Core Infrastructure Initiative (CII) Best Practices Badge program launched Tuesday will help companies interested in adopting open source technologies evaluate projects based on security, quality and stability. The CII Best Practices Badge does not issue certificates...
OpenSSL updates, 1.0.1t and 1.0.2h
(Update 6-May-2016) New Node.js Releases: The following releases have been made available to include the security updates to OpenSSL discussed in the post below. Please upgrade your Node.js installation as soon as possible in order to be protected against the...
CVE-2016-1202
Untrusted search path vulnerability in Atom Electron before 0.33.5 allows local users to gain privileges via a Trojan horse Node.js module in a parent directory of a directory named on a require line...