4309 matches found
Important: Red Hat Security Advisory: rh-nodejs12-nodejs security update
An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
nodejs: memory corruption in napi_get_value_string_* functions
A flaw was found in nodejs. Calling napigetvaluestringlatin1, napigetvaluestringutf8, or napigetvaluestringutf16 with a non-NULL buf, and a bufsize of 0 will cause the entire string value to be written to buf, probably overrunning the length of the buffer...
RHEL 8 : nodejs:12 (RHSA-2020:2852)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2852 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
nodejs: TLS session reuse can lead to hostname verification bypass
A TLS Hostname verification bypass vulnerability exists in NodeJS. This flaw allows an attacker to bypass TLS Hostname verification when a TLS client reuses HTTPS sessions...
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload
A flaw was found in nodejs-minimist, where it was tricked into adding or modifying properties of the Object.prototype using a "constructor" or "proto" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload
A flaw was found in nodejs-minimist, where it was tricked into adding or modifying properties of the Object.prototype using a "constructor" or "proto" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
nodejs: memory corruption in napi_get_value_string_* functions
A flaw was found in nodejs. Calling napigetvaluestringlatin1, napigetvaluestringutf8, or napigetvaluestringutf16 with a non-NULL buf, and a bufsize of 0 will cause the entire string value to be written to buf, probably overrunning the length of the buffer...
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload
A flaw was found in nodejs-minimist, where it was tricked into adding or modifying properties of the Object.prototype using a "constructor" or "proto" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload
A flaw was found in nodejs-minimist, where it was tricked into adding or modifying properties of the Object.prototype using a "constructor" or "proto" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
nodejs: memory corruption in napi_get_value_string_* functions
A flaw was found in nodejs. Calling napigetvaluestringlatin1, napigetvaluestringutf8, or napigetvaluestringutf16 with a non-NULL buf, and a bufsize of 0 will cause the entire string value to be written to buf, probably overrunning the length of the buffer...
Important: Red Hat Security Advisory: nodejs:12 security update
An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Important: nodejs:12 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 12.18.2. Security Fixes: nghttp2: overly large SETTINGS frames can lead to DoS...
RLSA-2020:2852 Important: nodejs:12 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 12.18.2. Security Fixes: nghttp2: overly large SETTINGS frames can lead to DoS...
ALSA-2020:2848 Important: nodejs:10 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 10.21.0. Security Fixes: nghttp2: overly large SETTINGS frames can lead to DoS...
Important: nodejs:10 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 10.21.0. Security Fixes: nghttp2: overly large SETTINGS frames can lead to DoS...
RHEL 8 : nodejs:10 (RHSA-2020:2849)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2849 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
RHEL 8 : nodejs:10 (RHSA-2020:2848)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2848 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Unspecified Vulnerability in Red Hat Keycloak (CNVD-2021-17783)
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat keycloak that stems from a NodeJS adapter that does not support verify-token-audience identifiers. A...
Critical Photon OS Security Update - PHSA-2020-0306
Updates of 'kibana', 'atftp', 'nodejs' packages of Photon OS have been released...
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0306
An update of 'nodejs', 'atftp', 'kibana' packages of Photon OS has been released...