
4309 matches found

ArchLinux
added 2021/01/12 12:0 a.m., 142 views

[ASA-202101-13] nodejs-lts-dubnium: multiple issues

Arch Linux Security Advisory ASA-202101-13
Severity: High
Date: 2021-01-12
CVE-ID: CVE-2020-8265 CVE-2020-8287
Package: nodejs-lts-dubnium
Type: multiple issues
Remote: No
Link: https://security.archlinux.org/AVG-1403
Summary: The package...

8.1 CVSS, 8.5 AI score, 0.11865 EPSS
Exploits: 3, References: 22

OSV
added 2021/01/11 2:1 p.m., 6 views

SUSE-SU-2021:0062-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: - New upstream LTS version 12.20.1: CVE-2020-8265: use-after-free in TLSWrap High bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as...

8.1 CVSS, 6.6 AI score, 0.58883 EPSS
Exploits: 6, References: 9

OSV
added 2021/01/11 2:1 p.m., 7 views

SUSE-SU-2021:0061-1 Security update for nodejs14

This update for nodejs14 fixes the following issues: - New upstream LTS version 14.15.4: CVE-2020-8265: use-after-free in TLSWrap High bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as...

8.1 CVSS, 7.3 AI score, 0.58883 EPSS
Exploits: 3, References: 7

Gentoo Linux
added 2021/01/11 12:0 a.m., 71 views

NodeJS: Multiple vulnerabilities

Background: Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine. Description: Multiple vulnerabilities have been discovered in NodeJS. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There...

9.3 CVSS, 8 AI score, 0.58883 EPSS
Exploits: 5

Tenable Nessus
added 2021/01/11 12:0 a.m., 33 views

Debian DSA-4826-1 : nodejs - security update

Two vulnerabilities were discovered in Node.js, which could result in denial of service and potentially the execution of arbitrary code or HTTP request smuggling. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...

8.1 CVSS, 8.1 AI score, 0.11865 EPSS
Exploits: 3, References: 5

OpenVAS
added 2021/01/11 12:0 a.m., 29 views

Fedora: Security Advisory for nodejs (FEDORA-2021-fb1a136393)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 AI score
Exploits: 0, References: 2

CNVD
added 2021/01/07 12:0 a.m., 3 views

Nodejs Core Access Control Error Vulnerability

Nodejs Core is a core module compiled into Nodejs from the OpenJS Foundation. This module for Nodejs provides the underlying TCP, HTTP, DNS, file system, subprocesses and other functionality support. A security vulnerability exists in Node Core that can be exploited by an attacker to bypass acces...

6.5 CVSS, 8.6 AI score, 0.11865 EPSS
Exploits: 2, References: 1

Debian
added 2021/01/06 10:2 p.m., 66 views

[SECURITY] [DSA 4826-1] nodejs security update

Debian Security Advisory DSA-4826-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
January 06, 2021 https://www.debian.org/security/faq
...

8.1 CVSS, 9 AI score, 0.11865 EPSS
Exploits: 3

OSV
added 2021/01/06 9:15 p.m., 1 views

DEBIAN-CVE-2020-8265

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method...

8.1 CVSS, 7 AI score, 0.00755 EPSS
Exploits: 1, References: 1

OSV
added 2021/01/06 9:15 p.m., 1 views

DEBIAN-CVE-2020-8287

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling...

6.5 CVSS, 7 AI score, 0.11865 EPSS
Exploits: 2, References: 1

OSV
added 2021/01/06 9:15 p.m., 0 views

UBUNTU-CVE-2020-8265

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method...

8.1 CVSS, 6.8 AI score, 0.00755 EPSS
Exploits: 1, References: 6

The Hacker News
added 2021/01/06 2:0 p.m., 1 views

Hackers Using Fake Trump's Scandal Video to Spread QNode Malware

Cybersecurity researchers today revealed a new malspam campaign that distributes a remote access Trojan (RAT) by purporting to contain a sex scandal video of U.S. President Donald Trump. The emails, which carry the subject line "GOOD LOAN OFFER!!," come attached with a Java archive (JAR) file...

5.9 AI score
Exploits: 0

RedhatCVE
added 2021/01/05 1:14 p.m., 32 views

CVE-2020-8265

A flaw was found in nodejs. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResu...

8.1 CVSS, 7.9 AI score, 0.00755 EPSS
Exploits: 1, References: 4

CNNVD
added 2021/01/05 12:0 a.m., 1 views

nodejs Resource Management Error Vulnerability

nodejs is a JavaScript runtime environment based on the Chrome V8 engine. By wrapping the V8 engine and using event-driven, non-blocking I/O, it makes the development of high-performance backend applications in JavaScript possible. A resource management error...

8.1 CVSS, 6.8 AI score, 0.11865 EPSS
Exploits: 6, References: 41

CNNVD
added 2021/01/05 12:0 a.m., 1 views

nodejs Environment Issue Vulnerability

Nodejs Core is a core module compiled into Nodejs from the OpenJS Foundation. This module for Nodejs provides the underlying TCP, HTTP, DNS, file system, subprocesses and other functionality support. A security vulnerability exists in Node Core that can be exploited by an attacker to bypass acces...

8.1 CVSS, 6.9 AI score, 0.11865 EPSS
Exploits: 3, References: 43

RedhatCVE
added 2021/01/04 3:0 p.m., 15 views

CVE-2020-28282

A flaw was found in nodejs-getobject. The set function does not check for the type of object before assigning value to the property allowing an attacker to create a non-existent property or allow the manipulation of the property which could lead to a denial of service or a remote code execution...

9.8 CVSS, 3.7 AI score, 0.01979 EPSS
Exploits: 1, References: 5

Kitploit
added 2021/01/04 11:30 a.m., 71 views

XSS-Scanner - XSS Scanner That Detects Cross-Site Scripting Vulnerabilities In Website By Injecting Malicious Scripts

Cross-Site Scripting (XSS) is one of the most well known web application vulnerabilities. It even has a dedicated chapter in the OWASP Top 10 project and it is a highly chased vulnerability in bug bounty programs. The scanner gets a link from the user and scans the website for XSS vulnerability by...

6 AI score
Exploits: 0, References: 1

RedhatCVE
added 2020/12/30 1:31 p.m., 20 views

CVE-2020-26289

A flaw was found in nodejs-date-and-time. In date-and-time there is a regular expression involved in parsing which can be exploited to cause a denial of service...

7.5 CVSS, 4.2 AI score, 0.00526 EPSS
Exploits: 0, References: 5

Snyk
added 2020/12/29 1:16 p.m., 3 views

Prototype Pollution

Overview inireader is a small module for nodejs. You can parse .ini configuration files with it. Affected versions of this package are vulnerable to Prototype Pollution. This vulnerability relates to the parse function is concentrating arrays. Depending on if user input is provided, an attacker c...

5.6 CVSS, 6.6 AI score
Exploits: 0, References: 2

Kitploit
added 2020/12/26 8:30 p.m., 291 views

Social-Analyzer - API And Web App For Analyzing And Finding A Person Profile Across +300 Social Media Websites (Detections Are Updated Regularly)

An API for analyzing & finding a person profile across +300 social media websites. It includes different string analysis and detection modules, you can choose which combination of modules to use during the investigation. The detection modules utilize a rating mechanism based on different detectio...

7 AI score
Exploits: 0, References: 1