4309 matches found
CVE-2020-5977
CVE-2020-5977 details (NVIDIA GeForce Experience Windows) : A vulnerability in the NVIDIA Web Helper NodeJS Web Server exists in GeForce Experience all versions before 3.20.5.70. The issue stems from an uncontrolled search path used to load a Node.js module, enabling a local attacker to potential...
Nvidia Warns Gamers of Severe GeForce Experience Flaws
Nvidia, which makes gaming-friendly graphics processing units (GPUs), has issued fixes for two high-severity flaws in the Windows version of its GeForce Experience software. GeForce Experience is a supplemental application to the GeForce GTX graphics card — it keeps users’ drivers up-to-date,...
Oracle Linux 8 : nodejs:12 (ELSA-2020-4272)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4272 advisory. nodejs 1:12.18.4-2 - Resolves: RHBZ#1883966 - nodejs-devel not installable due to missing brotli - Some spec fixes 12.18.4-1 - Rebase to 12.18.4...
nodejs-dot-prop: prototype pollution
A prototype pollution flaw was found in nodejs-dot-prop. The function `set` could be tricked into adding or modifying properties of `Object.prototype` using any of the `constructor`, `prototype`, or `__proto__` paths. The highest threat from this vulnerability is to data confidentiality and integrity as well a...
RHEL 8 : nodejs:12 (RHSA-2020:4272)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4272 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Photon OS 3.0: Nodejs PHSA-2020-3.0-0150
An update of the nodejs package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-3.0-0150. The text itself is copyright (C) VMware, Inc...
Photon OS 2.0: Nodejs PHSA-2020-2.0-0288
An update of the nodejs package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-2.0-0288. The text itself is copyright (C) VMware, Inc...
OPENSUSE-SU-2020:1660-1 Security update for nodejs10
This update for nodejs10 fixes the following issues: - nodejs10 was updated to 10.22.1 LTS: - CVE-2020-8252: Fixed a buffer overflow in realpath (bsc#1176589). - CVE-2020-15095: Fixed an information leak through log files (bsc#1173937). - Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation...
Important Photon OS Security Update - PHSA-2020-0150
Updates of 'nodejs' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2020-3.0-0150
Updates of 'nodejs' packages of Photon OS have been released...
SUSE-SU-2020:2829-1 Security update for nodejs10
This update for nodejs10 fixes the following issues: - nodejs10 was updated to 10.22.1 LTS: - CVE-2020-8252: Fixed a buffer overflow in realpath (bsc#1176589). - CVE-2020-15095: Fixed an information leak through log files (bsc#1173937). - Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation...
SUSE-SU-2020:2812-1 Security update for nodejs12
This update for nodejs12 fixes the following issues: - nodejs12 was updated to 12.18.4 LTS: - CVE-2020-8201: Fixed an HTTP Request Smuggling due to CR-to-Hyphen conversion (bsc#1176605). - CVE-2020-8252: Fixed a buffer overflow in realpath (bsc#1176589). - CVE-2020-15095: Fixed an information leak...
CVE-2019-20920
A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to arbitrary code execution. The package lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript into the system. This issue is used to...
CVE-2019-20922
A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to a denial of service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This flaw allows attackers to exhaust system resources, leading to a denial of...
Updated nodejs packages fix security vulnerabilities
The nodejs package has been updated to the latest version in the 10.x branch, which is 10.22.1 at this time. It fixes several security issues and other bugs. See the upstream changelog and advisories for details...
CVE-2020-8237
A flaw was found in nodejs-json-bigint. A prototype pollution in the json-bigint npm package may lead to a denial-of-service (DoS) attack...
ALPINE-CVE-2020-8252
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes...
ALPINE-CVE-2020-8201
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture ...
CVE-2020-1694
A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions...