Download
| Alert*
oval:org.secpod.oval:def:506293
libuv is a multi-platform support library with a focus on asynchronous I/O. Security Fix: * libuv: out-of-bounds read in uv__idna_toascii can lead to information disclosures or crashes For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related ... oval:org.secpod.oval:def:706069 libuv1: asynchronous event notification library - runtime library libuv could be made to crash or expose sensitive information if it received a specially crafted input. oval:org.secpod.oval:def:506276 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs12-nodejs . Security Fix: * nodejs-hosted-git-info: Regular Expression denial of serv ... oval:org.secpod.oval:def:506275 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs14-nodejs . Security Fix: * nodejs-hosted-git-info: Regular Expression denial of serv ... oval:org.secpod.oval:def:96763 The host is installed with Node.js 12.x before 12.22.2, 14.x before 14.17.2, or 16.x before 16.4.1 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application which fails to handle the libuv's uv__idna_toascii() function which is used to convert strings to ASCII. Succes ... oval:org.secpod.oval:def:4501226 libuv is a multi-platform support library with a focus on asynchronous I/O. Security Fix: * libuv: out-of-bounds read in uv__idna_toascii can lead to information disclosures or crashes For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related ... oval:org.secpod.oval:def:1505053 [1:1.41.1-1] - Rebase to 1.41.1 - Change description to reflect upstream - Resolves: RHBZ1980033 oval:org.secpod.oval:def:2500453 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:2500310 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:2500316 libuv is a multi-platform support library with a focus on asynchronous I/O. oval:org.secpod.oval:def:74224 An out-of-bounds read was discovered in the uv__idna_to_ascii function of Libuv, an asynchronous event notification library, which could result in denial of service or information disclosure. oval:org.secpod.oval:def:2107049 Oracle Solaris 11 - ( CVE-2021-22921 ) oval:org.secpod.oval:def:1505062 nodejs [1:14.17.3-2] - Resolves: RHBZ#1980032, RHBZ#1978203 - Resolves RHBZ#1842826 - Don"t use patch3 [1:14.17.3-1] - Resolves: RHBZ#1980032, RHBZ#1978203 - Resolves RHBZ#1842826 - Resolves CVE-2021-22918, use system cipher list [1:14.16.0-3] - Resolves: RHBZ#1930775 - Always build with systemtap oval:org.secpod.oval:def:506289 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nodejs-hosted-git-info: Regular Expression denial of service via sho ... oval:org.secpod.oval:def:1505061 nodejs [1:12.22.3-2] - Resolves: RHBZ#1980031, RHBZ#1978201 - Fix typo, BR systemtap-sdt-level always, remove y18n patch [1:12.22.3-1] - Resolves: RHBZ#1980031, RHBZ#1978201 - Resolves #1952915 - Resolves CVE-2021-22918, use system cipher list nodejs-nodemon [2.0.3-1] - Resolves: RHBZ#1920692, RHBZ# ... oval:org.secpod.oval:def:73695 libuv1: asynchronous event notification library - runtime library libuv could be made to crash or expose sensitive information if it received a specially crafted input. oval:org.secpod.oval:def:74592 libuv is a multi-platform support library with a focus on asynchronous I/O. Security Fix: * libuv: out-of-bounds read in uv__idna_toascii can lead to information disclosures or crashes For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related ... oval:org.secpod.oval:def:74591 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nodejs-hosted-git-info: Regular Expression denial of service via sho ... oval:org.secpod.oval:def:89045099 This update for nodejs10 fixes the following issues: Update nodejs10 to 10.24.1. Including fixes for - CVE-2021-22918: libuv upgrade - Out of bounds read - CVE-2021-27290: ssri Regular Expression Denial of Service - CVE-2021-23362: hosted-git-info Regular Expression Denial of Service - CVE-2020-7 ... oval:org.secpod.oval:def:605574 An out-of-bounds read was discovered in the uv__idna_to_ascii function of Libuv, an asynchronous event notification library, which could result in denial of service or information disclosure. oval:org.secpod.oval:def:1702042 Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to informa ... oval:org.secpod.oval:def:506285 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nodejs-hosted-git-info: Regular Expression denial of service via sho ... oval:org.secpod.oval:def:74590 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nodejs-hosted-git-info: Regular Expression denial of service via sho ... |