4303 matches found
UBUNTU-CVE-2017-11499
Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 were susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots...
Fedora Update for nodejs FEDORA-2017-aa44293a53
The remote host is missing an update for the... (SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only)
Fedora Update for nodejs FEDORA-2017-81522ac6d8
The remote host is missing an update for the...
Fedora 26 : 1:nodejs (2017-7c1621d2e8)
Security update. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
AZL-45075 CVE-2017-1000048 affecting package nodejs-nodemon 2.0.3-5
The web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send an evil request to cause the web framework to crash...
Facebook Delegated Account Recovery SDKs Published for Java, Ruby Apps
Facebook’s Delegated Account Recovery, a protocol that allows applications to delegate account recovery permission to third-party applications, entered its beta phase today with the release of SDKs and additional support for new platforms. The feature has been running on a trial basis since late...
SUSE-SU-2017:0855-1 Security update for nodejs4
This update for nodejs4 fixes the following issues: - New upstream LTS release 4.7.3. The embedded openssl sources were updated to 1.0.2k (CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, bsc1022085, bsc1022086, bsc1009528) - No changes in LTS version 4.7.2 - New upstream LTS release 4.7.1 build: shared...
Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution (CVE-2014-7205)
An unauthenticated code injection vulnerability exists in the Bassmaster Node.js plugin for Hapi. The vulnerability is due to improper input validation within the batch endpoint. Successful exploitation could allow an attacker to execute arbitrary code...
openSUSE Security Update : nodejs (openSUSE-2017-284)
nodejs was updated to LTS release 4.7.3 to fix the following issues: - deps: upgrade embedded openssl sources to 1.0.2k (CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, boo1022085, boo1022086, boo1009528) Changes in LTS release 4.7.1: - build: shared library support is now working for AIX builds -...
SUSE-SU-2017:0431-1 Security update for nodejs6
This update for nodejs6 fixes the following issues: New upstream LTS release 6.9.5. The embedded openssl sources were updated to 1.0.2k (CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, bsc1022085, bsc1022086, bsc1009528) Other fixes: - Add basic check that Node.js loads successfully to spec file - New...
UBUNTU-CVE-2015-8855
The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."...
AZL-45024 CVE-2015-8859 affecting package nodejs-nodemon 2.0.3-5
The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors...
DEBIAN-CVE-2015-8860
The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive...
DEBIAN-CVE-2015-8862
The mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted...
UBUNTU-CVE-2013-7454
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings...
UBUNTU-CVE-2013-7451
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag...
nodejs: reason argument in ServerResponse#writeHead() not properly validated
It was found that the reason argument in ServerResponse#writeHead() was not properly validated. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially-crafted HTTP request...
Node.js: Multiple vulnerabilities
Background: Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine. Description: Multiple vulnerabilities have been discovered in Node.js. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could possibly cause a Denial of Service condition, or...
Fedora Update for nodejs FEDORA-2016-43ff70c6b1
The remote host is missing an update for the...
Fedora Update for nodejs FEDORA-2016-861b8c46b7
The remote host is missing an update for the...