Fedora Update for nodejs-tough-cookie FEDORA-2016-286a8ec5b0

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for nodejs FEDORA-2016-7a3a0f0198

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : nodejs (openSUSE-2016-1277)

This update for nodejs fixes the following issues : - New upstream LTS version 4.6.1 - c-ares : + CVE-2016-5180: fix for single-byte buffer overwrite - Fix nodejs-libpath.patch so ppc doesn't fail to build %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package check...

Red Hat OpenShift Container Platform nodejs Denial of Service Vulnerability

Red Hat OpenShift Container Platform is a Red Hat application platform that enables organizations to develop, deploy, and manage existing container-based applications across physical, virtual, and public cloud infrastructures. nodejs is a web application platform built on top of Google's V8...

Bassmaster 1.5.1 - Batch Arbitrary JavaScript Injection Remote Code Execution (Metasploit)

require 'msf/core' class MetasploitModule 'Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution', 'Description' = %q This module exploits an un-authenticated code injection vulnerability in the bassmaster nodejs plugin for hapi. The vulnerability is within the batch endpoint and...

Fedora 24 : 1:nodejs (2016-7a3a0f0198)

Update to 4.6.1 security Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution

require 'msf/core' class MetasploitModule 'Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution', 'Description' = %q This module exploits an un-authenticated code injection vulnerability in the bassmaster nodejs plugin for hapi. The vulnerability is within the batch endpoint and...

Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution Exploit

This module exploits an un-authenticated code injection vulnerability in the bassmaster nodejs plugin for hapi. The vulnerability is within the batch endpoint and allows an attacker to dynamically execute JavaScript code on the server side using an eval. Note that the code uses a '\x2f' character...

Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution

This module exploits an un-authenticated code injection vulnerability in the bassmaster nodejs plugin for hapi. The vulnerability is within the batch endpoint and allows an attacker to dynamically execute JavaScript code on the server side using an eval. Note that the code uses a '\x2f' character...

Fedora 24 : 1:nodejs (2016-861b8c46b7)

https://nodejs.org/en/blog/release/v4.6.0/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

openSUSE: Security Advisory for nodejs (openSUSE-SU-2016:2496-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for nodejs (important)

This update brings the new upstream nodejs LTS version 4.6.0, fixing bugs and security issues: Nodejs embedded openssl version update + upgrade to 1.0.2j CVE-2016-6304, CVE-2016-2183, CVE-2016-2178, CVE-2016-6306, CVE-2016-7052 + remove support for dynamic 3rd party engine modules http: Properly...

SUSE-SU-2016:2470-1 Security update for nodejs4

This update brings the new upstream nodejs LTS version 4.6.0, fixing bugs and security issues: Nodejs embedded openssl version update + upgrade to 1.0.2j CVE-2016-6304, CVE-2016-2183, CVE-2016-2178, CVE-2016-6306, CVE-2016-7052 + remove support for dynamic 3rd party engine modules http: Properly...

SUSE-SU-2016:2470-2 Security update for nodejs4

This update brings the new upstream nodejs LTS version 4.6.0, fixing bugs and security issues: Nodejs embedded openssl version update + upgrade to 1.0.2j CVE-2016-6304, CVE-2016-2183, CVE-2016-2178, CVE-2016-6306, CVE-2016-7052 + remove support for dynamic 3rd party engine modules http: Properly...

Fedora 23 : nodejs-tough-cookie (2016-286a8ec5b0)

Security fix for Denial of service via long string of semicolons Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

F5 Networks BIG-IP : NodeJS vulnerability (K15311661)

Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. CVE-2016-2086 C Tenable Network Security, Inc. The descriptive text and package checks in this...

Fedora 23 : nodejs-string-dot-prototype-dot-repeat (2016-aa394a130e)

Update for security reasons Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

Fedora Update for nodejs-string-dot-prototype-dot-repeat FEDORA-2016-aa394a130e

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2016-0307 Updated nodejs packages fix security vulnerability

Under certain conditions, V8 may improperly expand memory allocations in the Zone::New function. This could potentially be used to cause a Denial of Service via buffer overflow or as a trigger for a remote code execution CVE-2016-1669. The primary npm registry has used HTTP bearer tokens to...

nodejs-negotiator: Regular expression denial-of-service

A regular expression denial of service flaw was found in Negotiator. An attacker able to make an application using Negotiator to perform matching using a specially crafted glob pattern could cause the application to consume an excessive amount of CPU...