4309 matches found
nodejs: DNS rebinding in --inspect
A flaw was found in nodejs. A denial of service is possible when the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS over the network. If the attacker controls the victim's DNS server or can spoof its response...
nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion
A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...
nodejs: DNS rebinding in --inspect
A flaw was found in nodejs. A denial of service is possible when the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS over the network. If the attacker controls the victim's DNS server or can spoof its response...
@anandsuresh/smart-stream (>=1.0.1 <=1.1.0), @anandsuresh/smart_stream (=1.0.0) +10 more potentially affected by CVE-2021-21368 via msgpack5 (>=4.0.2 <=4.4.0)
msgpack5 NPM version =4.0.2, =1.0.1, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =1.0.2, =1.2.9, =2.0.0, =0.5.6, =0.1.0, =0.1.3 Source cves: CVE-2021-21368 Source advisory: OSV:GHSA-GMJW-49P4-PCFM...
Fedora: Security Advisory for nodejs (FEDORA-2021-f6bd75e9d4)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for nodejs (FEDORA-2021-a760169c3c)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CentOS 8 : nodejs:12 (CESA-2021:0549)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:0549 advisory. - nodejs-deep-extend: Prototype pollution can allow attackers to modify object properties CVE-2018-3750 - nodejs-mixin-deep: prototype pollution in...
CentOS 8 : nodejs:10 (CESA-2021:0735)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:0735 advisory. - nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion CVE-2021-22883 - nodejs: DNS rebinding in --inspect CVE-2021-22884 Note that Nessus...
Moderate: Red Hat Security Advisory: Red Hat Ansible Automation Platform 1.2.2 security and bug fix update
An update is now available for Red Hat Ansible Automation Platform 1.2.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Oracle Linux 8 : nodejs:14 (ELSA-2021-0744)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0744 advisory. - Fix CVE-2020-10531 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...
nodejs: DNS rebinding in --inspect
A flaw was found in nodejs. A denial of service is possible when the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS over the network. If the attacker controls the victim's DNS server or can spoof its response...
nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion
A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...
nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion
A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...
nodejs: DNS rebinding in --inspect
A flaw was found in nodejs. A denial of service is possible when the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS over the network. If the attacker controls the victim's DNS server or can spoof its response...
Important: Red Hat Security Advisory: nodejs:10 security update
An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
nodejs: DNS rebinding in --inspect
A flaw was found in nodejs. A denial of service is possible when the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS over the network. If the attacker controls the victim's DNS server or can spoof its response...
nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion
A flaw was found in nodejs. When too many connection attempts with an 'unknownProtocol' are established a leak of file descriptors can occur leading to a potential denial of service. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and...
Important: Red Hat Security Advisory: nodejs:12 security update
An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
nodejs:14 security and bug fix update
An update is available for nodejs-nodemon, nodejs, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a software development platform f...
RHEL 8 : nodejs:10 (RHSA-2021:0738)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0738 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...