Lucene search
+L

7 matches found

OSV
OSV
added 2024/12/16 2:5 p.m.6 views

BIT-NODE-MIN-2021-22939

If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted...

5.3CVSS7.5AI score0.1473EPSS
Exploits1References10
OPENSUSE Linux
OPENSUSE Linux
added 2021/09/23 12:0 a.m.72 views

Security update for nodejs14 (important)

openSUSE Security Update: Security update for nodejs14 Announcement ID: openSUSE-SU-2021:3211-1 Rating: important References: 1188881 1188917 1189368 1189369 1189370 Cross-References: CVE-2021-22930 CVE-2021-22931 CVE-2021-22939 CVE-2021-22940 CVE-2021-3672 CVSS scores: CVE-2021-22930 SUSE: 9.1...

9.8CVSS9.4AI score0.37286EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2021/09/22 9:6 a.m.9 views

nodejs: Incomplete validation of tls rejectUnauthorized parameter

A flaw was found in Node.js. If the Node.js HTTPS API is used incorrectly and "undefined" is passed for the "rejectUnauthorized" parameter, no error is returned, and the connections to servers with an expired certificate are accepted. The highest threat from this vulnerability is to integrity...

5.3CVSS7.3AI score0.1473EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2021/09/04 12:0 a.m.25 views

openSUSE: Security Advisory for nodejs10 (openSUSE-SU-2021:2953-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS8.2AI score0.37286EPSS
Exploits3References2
OSV
OSV
added 2021/09/03 12:41 p.m.8 views

SUSE-SU-2021:2953-1 Security update for nodejs10

This update for nodejs10 fixes the following issues: - CVE-2021-3672: Fixed missing input validation on hostnames bsc1188881. - CVE-2021-22930: Fixed use after free on close http2 on stream canceling bsc1188917. - CVE-2021-22939: Fixed incomplete validation of rejectUnauthorized parameter...

9.8CVSS7.6AI score0.37286EPSS
Exploits3References9
OpenVAS
OpenVAS
added 2021/08/25 12:0 a.m.26 views

SUSE: Security Advisory (SUSE-SU-2021:2824-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.9AI score0.37286EPSS
Exploits3References2
FreeBSD
FreeBSD
added 2021/08/11 12:0 a.m.37 views

Node.js -- August 2021 Security Releases

Node.js reports: cares upgrade - Improper handling of untypical characters in domain names High CVE-2021-22931 Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing input validation of host names returned by Domain Name Servers in the Node.js DNS library which c...

9.8CVSS0.7AI score0.21952EPSS
Exploits2References1
Rows per page
Query Builder