anvil-connect (>=0.1.0 <=0.1.39), anvil-connect-jwt (>=0.1.0 <=0.1.2) +49 more potentially affected by CVE-2017-16021 via uri-js (>=1.4.2 <=2.1.1)

uri-js NPM version =1.4.2, =0.1.0, =0.1.0, =0.1.0, =0.2.12, =1.15.0, =0.1.0, =0.1.2, =0.4.2, =1.0.0, =0.0.1, =1.0.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2017-16021 Source advisory: OSV:GHSA-333W-RXJ3-F55R...

Fedora Update for nodejs FEDORA-2018-79841c871e

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 27 : 1:nodejs (2018-79841c871e)

Update for security fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

Fedora Update for nodejs FEDORA-2018-f59d961d7b

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for nodejs-JSV FEDORA-2018-13e08f4b4a

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 27 : nodejs-JSV / nodejs-uri-js (2018-13e08f4b4a)

Update to latest nodejs-uri-js for CVE fix Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Fedora Update for nodejs-uri-js FEDORA-2018-13e08f4b4a

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: A security vulnerability has been identified in NodeJS shipped with IBM Cloud Schematics (CVE-2017-14919)

Summary A security vulnerability has been identified in NodeJS shipped with IBM Cloud Schematics CVE-2017-14919 Vulnerability Details Title Security Bulletin: A security vulnerability has been identified in NodeJS shipped with IBM Cloud Schematics CVE-2017-14919 Summary NodeJS is shipped as a...

[SECURITY] Fedora 27 Update: nodejs-uri-js-4.2.2-2.fc27

URI.js is an RFC 3986 compliant, scheme extendable URI parsing/validating/resolving library for all JavaScript environments browsers, Node.js, etc...

[SECURITY] Fedora 27 Update: nodejs-JSV-4.0.2-12.fc27

JSV is a JavaScript implementation of a extendable, fully compliant JSON Schema validator with the following features: The fastest extendable JSON validator available! Complete implementation of all current JSON Schema draft revisions. Supports creating individual environments sandboxes that...

Fedora Update for nodejs-uri-js FEDORA-2018-373bbbd408

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for nodejs-JSV FEDORA-2018-373bbbd408

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DEBIAN-CVE-2018-7167

Calling Buffer.fill or Buffer.alloc with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc and Buffer.fill were updated so that they zero fill instead of hanging in these cases. All versions of...

DEBIAN-CVE-2018-7161

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service DoS by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug wher...

DEBIAN-CVE-2018-7164

Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker could use this cause a denial of service by...

UBUNTU-CVE-2018-7161

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service DoS by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug wher...

Unspecified vulnerability in noderequest

noderequest is a package of request nodes for use in Node.js. A security vulnerability exists in noderequest. An attacker can exploit the vulnerability to steal environment variables...

Express-cart Arbitrary File Upload Vulnerability

express-cart is a shopping cart module for use in Node.js. An arbitrary file upload vulnerability exists in express-cart versions prior to 1.1.7. An attacker can exploit this vulnerability to gain access on a hosted device...

CVE-2017-16184

scott-blanch-weather-app is a sample Node.js app using Express 4. scott-blanch-weather-app is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

AZL-43819 CVE-2017-16137 affecting package nodejs-nodemon 2.0.3-4

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue...