Download
| Alert*
oval:org.secpod.oval:def:3300867
SUSE Security Update: Security update for nodejs10 oval:org.secpod.oval:def:2107133 Oracle Solaris 11 - ( CVE-2022-21824 ) oval:org.secpod.oval:def:19500180 An HTTP Request Smuggling vulnerability was found in the llhttp library, used by Node.JS. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations are being proxied , an attacker can use this flaw to inject arbitrary messages through the proxy. The highest t ... oval:org.secpod.oval:def:96769 The host is installed with Node.js 12.x before 12.22.9, 14.x before 14.18.3, 16.x before 16.13.2, 17.x before 17.3.1 and is prone to a prototype pollution vulnerability. A flaw is present in the application which fails to handle an issue in the formatting logic of the console.table() function. Succe ... oval:org.secpod.oval:def:507284 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix: * nodejs: Improper handling of URI Subject Alternative Names * nodejs: Certificate Verification Bypass via String Injection * nodejs: Incorrect handl ... oval:org.secpod.oval:def:608615 Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, a bypass of certificate verification or prototype pollution. oval:org.secpod.oval:def:121444 Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:2501025 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:89046314 This update for nodejs10 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe . - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite . - CVE-2021-32804: Fixed insufficient absolute path ... oval:org.secpod.oval:def:1506186 nodejs [1:14.20.1-2] - Record issues fixed in the current version Resolves: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824 Resolves: CVE-2022-0235 [1:14.20.1-1] - Rebase to version 14.20.1 Resolves: CVE-2022-35256 nodejs-packaging [23-3] - Updated - Removed pathfix.py [23-2] - Rebuilt f ... oval:org.secpod.oval:def:1506321 nodejs [1:16.18.1-3] - Update sources of undici WASM blobs Resolves: rhbz#2151546 [1:16.18.1-2] - Record CVE references already addressed in this or previous upstream versions Resolves: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824 [1:16.18.1-1] - Rebase + CVE fixes - Resolves: #214280 ... oval:org.secpod.oval:def:121449 Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:2501022 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:4501036 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix: * nodejs: Improper handling of URI Subject Alternative Names * nodejs: Certificate Verification Bypass via String Injection * nodejs: Incorrect handl ... oval:org.secpod.oval:def:507210 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix: * nodejs: Improper handling of URI Subject Alternative Names * nodejs: Certificate Verification Bypass via String Injection * nodejs: Incorrect handl ... oval:org.secpod.oval:def:4501076 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages were updated to later upstream versions: nodejs , nodejs-nodemon . Security Fix: * nodejs: Improper handling of URI Subject Alternative Names ... oval:org.secpod.oval:def:507433 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages were updated to later upstream versions: nodejs , nodejs-nodemon . Security Fix: * nodejs: Improper handling of URI Subject Alternative Names ... oval:org.secpod.oval:def:506987 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs12-nodejs . This is the last planned rebase before the collection reaches End of Life ... oval:org.secpod.oval:def:83335 The host is installed with Node.js 14.x before 14.18.3, 16.x before 16.13.2 and is prone to a prototype pollution vulnerability. A flaw is present in the application, which fails to handle issues in formatting logic of the "console.table()" function . On successful exploitation, user controlled inpu ... oval:org.secpod.oval:def:88368 Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, a bypass of certificate verification or prototype pollution. |