7863 matches found

Fedora
added 2013/07/23 1:2 a.m. · 15 views

[SECURITY] Fedora 18 Update: nodejs-inherits1-1.0.0-11.fc18

A tiny simple way to do classic inheritance in JavaScript. This is the legacy version used by many Node.js modules for many years, and is retained for backward compatibility. New modules should use the inheritance functionality available in core Node.js or use the new version of inherits if they...

3.3 CVSS · 2.7 AI score · 0.00104 EPSS
Exploits 0

NVD
added 2013/06/28 2:55 p.m. · 18 views

CVE-2013-4660

The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation...

6.8 CVSS · 7.5 AI score · 0.64507 EPSS
Exploits 6 · References 2

Prion
added 2013/06/28 2:55 p.m. · 14 views

Code injection

The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation...

6.8 CVSS · 8 AI score · 0.64507 EPSS
Exploits 6 · References 2 · Affected Software 1

CVE
added 2013/06/28 2:0 p.m. · 156 views

CVE-2013-4660

CVE-2013-4660 affects the JS-YAML package for Node.js prior to 2.0.5. The vulnerability arises when parsing YAML input with the unsafe !!js/function tag, which can trigger an eval and allow remote code execution. IBM X-Force/other sources confirm a high-severity impact (code execution via crafted...

6.8 CVSS · 7.6 AI score · 0.64507 EPSS
Exploits 6 · References 2 · Affected Software 1

Cvelist
added 2013/06/28 2:0 p.m. · 20 views

CVE-2013-4660

The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation...

7.5 AI score · 0.64507 EPSS
Exploits 6 · References 2

OpenVAS
added 2013/04/08 12:0 a.m. · 33 views

Fedora Update for nodejs FEDORA-2012-20578

Check for the Version of nodejs OpenVAS Vulnerability Test Fedora Update for nodejs FEDORA-2012-20578 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

7.5 CVSS · 0.00712 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2013/04/07 12:0 a.m. · 30 views

Fedora 18 : libuv-0.10.3-1.fc18 / nodejs-0.10.2-1.fc18 / v8-3.14.5.8-1.fc18 (2012-20578)

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

7.5 CVSS · 8.2 AI score · 0.00712 EPSS
Exploits 1 · References 9

Fedora
added 2013/04/05 11:3 p.m. · 51 views

[SECURITY] Fedora 18 Update: nodejs-0.10.2-1.fc18

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

7.5 CVSS · 1.6 AI score · 0.00712 EPSS
Exploits 1

OSV
added 2012/08/13 11:55 p.m. · 7 views

CVE-2012-2330

The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string...

6.4 AI score
Exploits 0 · References 9

NVD
added 2012/08/13 11:55 p.m. · 10 views

CVE-2012-2330

The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string...

6.4 CVSS · 6.1 AI score · 0.0062 EPSS
Exploits 1 · References 7

Prion
added 2012/08/13 11:55 p.m. · 16 views

Design/Logic Flaw

The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string...

6.4 CVSS · 6.7 AI score · 0.0062 EPSS
Exploits 1 · References 7 · Affected Software 1

UbuntuCve
added 2012/08/13 11:55 p.m. · 23 views

CVE-2012-2330

The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string...

6.4 CVSS · 5.9 AI score · 0.0062 EPSS
Exploits 1 · References 3

Cvelist
added 2012/08/13 11:0 p.m. · 17 views

CVE-2012-2330

The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string...

6.1 AI score · 0.0062 EPSS
Exploits 1 · References 7

Debian CVE
added 2012/08/13 11:0 p.m. · 21 views

CVE-2012-2330

The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string...

6.4 CVSS · 6 AI score · 0.0062 EPSS
Exploits 1

CVE
added 2012/08/13 11:0 p.m. · 58 views

CVE-2012-2330

The CVE-2012-2330 entry affects Node.js, where the Update method in src/node_http_parser.cc fails to properly check string length in versions prior to 0.6.17 and 0.7 prior to 0.7.8. This could allow remote attackers to read sensitive request header contents and potentially spoof HTTP headers via ...

6.4 CVSS · 6.2 AI score · 0.0062 EPSS
Exploits 1 · References 7 · Affected Software 1

Positive Technologies
added 2012/08/13 12:0 a.m. · 3 views

PT-2012-3956 · Node.Js · Node.Js

Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 0.6.17 Node.js versions prior to 0.7.8 Description: The issue allows remote attackers to obtain sensitive information, such as request header contents, and possibly spoof HTTP headers via a zero-length string. This i...

6.4 CVSS · 6.3 AI score · 0.0062 EPSS
Exploits 1 · References 10

myhack58
added 2012/05/14 12:0 a.m. · 10 views

Node.js HTTP parsing vulnerability-vulnerability warning-the black bar safety net

Indicates a temporary no nodejs in the field, and nodejs in the country I'm in Ali cloud seen once, it is sent to it. the poc in this: https://gist.github.com/2628868 The official announcement on this: http://blog.nodejs.org/2012/05/07/http-server-security-vulnerability-please-upgrade-to-0-6-17/...

0.7 AI score
Exploits 0

NVD
added 2011/12/30 1:55 a.m. · 18 views

CVE-2011-5037

Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, as demonstrated by attacks against Node.js...

5 CVSS · 6.5 AI score · 0.00764 EPSS
Exploits 0 · References 4

UbuntuCve
added 2011/12/30 1:55 a.m. · 25 views

CVE-2011-5037

Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, as demonstrated by attacks against Node.js...

5 CVSS · 5.9 AI score · 0.00764 EPSS
Exploits 0 · References 4

Prion
added 2011/12/30 1:55 a.m. · 24 views

Design/Logic Flaw

Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, as demonstrated by attacks against Node.js...

5 CVSS · 7 AI score · 0.00764 EPSS
Exploits 0 · References 4