Mageia: Security Advisory (MGASA-2022-0103)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated nodejs-tar packages fix security vulnerability

Untrusted tar file to symlink into an arbitrary location allowing file overwrites. CVE-2021-37712 Arbitrary file creation/overwrite and arbitrary code execution. CVE-2021-37701 Arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. CVE-2021-32803 Arbitrary File...

MGASA-2022-0103 Updated nodejs-tar packages fix security vulnerability

Untrusted tar file to symlink into an arbitrary location allowing file overwrites. CVE-2021-37712 Arbitrary file creation/overwrite and arbitrary code execution. CVE-2021-37701 Arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. CVE-2021-32803 Arbitrary File...

CVE-2021-44531 affecting package nodejs 14.18.1-1

CVE-2021-44531 affecting package nodejs 14.18.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2022-21824 affecting package nodejs 14.18.1-1

CVE-2022-21824 affecting package nodejs 14.18.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2021-44532 affecting package nodejs 14.18.1-1

CVE-2021-44532 affecting package nodejs 14.18.1-1. An upgraded version of the package is available that resolves this issue...

OESA-2022-1584 nodejs-fstream security update

Provides advanced file system stream objects for Node.js. These objects are like FS streams, but with stat on them, and support directories and symbolic links, as well as normal files. Also, you can use them to set the stats on a file, even if you don't change its contents, or to create a symlink...

generator-rest (=0.2.0), nodejsamazingenerator (>=1.0.0 <=1.70.60-stable) potentially affected by CVE-2022-25296 via bodymen (=1.1.1)

bodymen NPM version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on bodymen and may be impacted: - generator-rest =0.2.0 - nodejsamazingenerator =1.0.0, =1.70.60-stable Source cves: CVE-2022-25296 Source advisory: OSV:GHSA-VHXC-FHM5-QCP9...

? before the @ sign allows one to bypass whitelists

Description ? before the @ sign in HTTP URLs allows one to bypass whitelists Proof of Concept Convince NodeJS HTTP client to make a request to 127.0.0.1 bypassing a google.com whitelist. const parse = require'parse-url' const http = require'http' const url = parse"http://[email protected]" if...

OESA-2022-1544 nodejs-grunt security update

Grunt is the JavaScript task runner. Why use a task runner? In one word: automation. The less work you have to do when performing repetitive tasks like minification, compilation, unit testing, linting, etc, the easier your job becomes. After you've configured it, a task runner can do most of that...

OESA-2022-1546 nodejs-jison security update

A parser generator with Bison's API. Security Fixes: Insufficient input validation in npm package jison = 0.4.18 may lead to OS command injection attacks.CVE-2020-8178...

openSUSE 15 Security Update : nodejs-electron (openSUSE-SU-2022:0070-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0070-1 advisory. - Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user the visit a...

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.3.6 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.3.6 General Availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.2 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.4.2 General Availability release images. This update provides security fixes, fixes bugs, and updates the container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

OPENSUSE-SU-2022:0070-1 Security update for nodejs-electron

This update for nodejs-electron fixes the following issues: - Fix webpack-4 with OpenSSL 3.0 Update to version 16.0.9 https://github.com/electron/electron/releases/tag/v16.0.9 Update to version 16.0.8 https://github.com/electron/electron/releases/tag/v16.0.8 - Add devel package with node headers...

Security update for nodejs-electron (important)

openSUSE Security Update: Security update for nodejs-electron Announcement ID: openSUSE-SU-2022:0070-1 Rating: important References: Cross-References: CVE-2021-30625 CVE-2021-30626 CVE-2021-30627 CVE-2021-30628 CVE-2021-30630 CVE-2021-30631 CVE-2021-30632 CVE-2021-30633 CVE-2021-37981...

feling87-nodejs-libs (>=0.0.1 <=0.0.3) potentially affected by CVE-2022-24717 via @finastra/ssr-pages (=0.1.3)

@finastra/ssr-pages NPM version =0.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on @finastra/ssr-pages and may be impacted: - feling87-nodejs-libs =0.0.1, =0.0.3 Source cves: CVE-2022-24717 Source advisory: OSV:GHSA-7F63-H6G3-7CWM...

feling87-nodejs-libs (>=0.0.1 <=0.0.3) potentially affected by CVE-2022-24718 via @finastra/ssr-pages (=0.1.3)

@finastra/ssr-pages NPM version =0.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on @finastra/ssr-pages and may be impacted: - feling87-nodejs-libs =0.0.1, =0.0.3 Source cves: CVE-2022-24718 Source advisory: OSV:GHSA-W6CX-QG2Q-RVQ8...

Fedora: Security Advisory for nodejs-bash-language-server (FEDORA-2022-7cca5b6d38)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

nodejs trust management issue vulnerability

nodejs is a JavaScript runtime environment based on the ChromeV8 engine that makes it possible to develop high-performance backend applications using Javascript by wrapping the Chromev8 engine and using event-driven and non-blocking IO applications. nodejs is vulnerable to trust management issues...