7863 matches found
Updated nodejs package fixes security vulnerabilities
A denial of service flaw was found in the way Node.js handled pipelined HTTP requests. A remote attacker could use this flaw to send an excessive amount of HTTP requests over a network connection, causing Node.js to use an excessive amount of memory and possibly exit when all available memory is...
Moderate: Red Hat Security Advisory: nodejs010-nodejs security update
Updated nodejs010-nodejs packages that fix one security issue are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
[SECURITY] Fedora 20 Update: nodejs-0.10.21-1.fc20
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
[SECURITY] Fedora 18 Update: nodejs-0.10.21-1.fc18
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
[SECURITY] Fedora 19 Update: nodejs-0.10.21-1.fc19
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
Fedora Update for nodejs FEDORA-2013-19497
Check for the Version of nodejs OpenVAS Vulnerability Test Fedora Update for nodejs FEDORA-2013-19497 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
Fedora 18 : libuv-0.10.18-1.fc18 / nodejs-0.10.21-1.fc18 (2013-19491)
This release contains a security fix for the http server implementation, please upgrade as soon as possible. For more information, see . 2013.10.18, node.js Version 0.10.21 Stable - crypto: clear errors from verify failure Timothy J Fontaine - dtrace: interpret two byte strings Dave Pacheco - fs:...
Fedora 19 : libuv-0.10.18-1.fc19 / nodejs-0.10.21-1.fc19 (2013-19497)
This release contains a security fix for the http server implementation, please upgrade as soon as possible. For more information, see . 2013.10.18, node.js Version 0.10.21 Stable - crypto: clear errors from verify failure Timothy J Fontaine - dtrace: interpret two byte strings Dave Pacheco - fs:...
Node.js HTTP Pipelining Denial of Service
This module exploits a Denial of Service DoS condition in the HTTP parser of Node.js versions released before 0.10.21 and 0.8.26. The attack sends many pipelined HTTP requests on a single connection, which causes unbounded memory allocation when the client does not read the responses. This module...
DoS Vulnerability (fixed in Node v0.8.26 and v0.10.21)
DoS Vulnerability fixed in Node v0.8.26 and v0.10.21 Node.js is vulnerable to a denial of service attack when a client sends many pipelined HTTP requests on a single connection, and the client does not read the responses from the connection. We recommend that anyone using Node.js v0.8 or v0.10 to...
CVE-2013-4450
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service memory and CPU consumption by sending a large number of pipelined requests without reading the response...
CVE-2013-4450
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service memory and CPU consumption by sending a large number of pipelined requests without reading the response...
CVE-2013-4450
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service memory and CPU consumption by sending a large number of pipelined requests without reading the response...
CVE-2013-4450
CVE-2013-4450 affects Node.js HTTP server in 0.10.x before 0.10.21 and 0.8.x before 0.8.26. The vulnerability allows a remote attacker to cause a denial of service by sending a large number of pipelined HTTP requests without reading responses, leading to memory and CPU consumption and possible ex...
CVE-2013-4450
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service memory and CPU consumption by sending a large number of pipelined requests without reading the response...
CVE-2013-4450
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service memory and CPU consumption by sending a large number of pipelined requests without reading the response...
KLA10275 DoS vulnerability in Node.js
An unspecified vulnerability was found in Node.js. By exploiting this vulnerability malicious users can cause denial of service. This vulnerability can be exploited remotely via a specially designed request. Original advisories - Related products Node.js CVE list Solution Update to latest version...
FreeBSD : node.js -- DoS Vulnerability (206f9826-a06d-4927-9a85-771c37010b32)
node.js developers report This release contains a security fix for the http server implementation, please upgrade as soon as possible. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database :...
node.js -- DoS Vulnerability
node.js developers report This release contains a security fix for the http server implementation, please upgrade as soon as possible...
Nodejs js-yaml load() Code Execution
This module can be used to abuse node.js applications that parse user-supplied YAML input using the load function from the 'js-yaml' package 'Nodejs js-yaml load Code Execution', 'Description' = %q This module can be used to abuse node.js applications that parse user-supplied YAML input using the...