Download
| Alert*
oval:org.secpod.oval:def:708602
nodejs: An open-source, cross-platform JavaScript runtime environment. Several security issues were fixed in Node.js. oval:org.secpod.oval:def:19500180 An HTTP Request Smuggling vulnerability was found in the llhttp library, used by Node.JS. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations are being proxied , an attacker can use this flaw to inject arbitrary messages through the proxy. The highest t ... oval:org.secpod.oval:def:3300665 SUSE Security Update: Security update for nodejs16 oval:org.secpod.oval:def:507162 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs , nodejs-nodemon . Security Fix: * nodejs-ini: Prototype pollution via malicious INI f ... oval:org.secpod.oval:def:5800103 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs , nodejs-nodemon . Security Fix: * nodejs-ini: Prototype pollution via malicious INI f ... oval:org.secpod.oval:def:507145 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix: * nodejs: DNS rebinding in --inspect via invalid IP addresses * nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * nodejs: H ... oval:org.secpod.oval:def:4501103 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix: * nodejs-ansi-regex: Regular expression denial of service matching ANSI escape codes * nodejs: DNS rebinding in --inspect via invalid IP addresses * ... oval:org.secpod.oval:def:507143 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs14-nodejs . Security Fix: * nodejs: DNS rebinding in --inspect via invalid IP address ... oval:org.secpod.oval:def:96486 nodejs: An open-source, cross-platform JavaScript runtime environment. Several security issues were fixed in Node.js. oval:org.secpod.oval:def:94744 nodejs: An open-source, cross-platform JavaScript runtime environment. Several security issues were fixed in Node.js. oval:org.secpod.oval:def:1506004 nodejs [1:14.20.0-2] - Replace with_* macros with RPM confitionals - Unify configure calls into single command - Refactor bootstrap-related parts - Decouple dependency bundling from bootstrapping - Resolves: RHBZ#2111417 [1:14.20.0-1] - Rebase to latest version - Resolves: RHBZ#2106367 - CVE fixes f ... oval:org.secpod.oval:def:89046898 This update for nodejs10 fixes the following issues: - CVE-2021-22930, CVE-2021-22940: Fixed two memory corruption issues during HTTP/2 stream cancellation . - CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2021-22960, CVE-2021-22959: Fixed multiple HTTP request smuggling issues in the underlyi ... oval:org.secpod.oval:def:124617 Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:89046796 This update for nodejs12 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses . - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding . - CVE-2022-32214: Fixed HTTP request smuggling due to improper delimiting of ... oval:org.secpod.oval:def:2500798 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:3300355 SUSE Security Update: Security update for nodejs10 oval:org.secpod.oval:def:89046793 This update for nodejs14 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses . - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding . - CVE-2022-32214: Fixed HTTP request smuggling due to improper delimiting of ... oval:org.secpod.oval:def:89327 Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of host IP address validation and weak randomness setup. oval:org.secpod.oval:def:3300296 SUSE Security Update: Security update for nodejs18 oval:org.secpod.oval:def:85368 The host is installed with Node.js 14.0.0 before 14.20.0, 16.0.0 before 16.16.0, 18.0.0 before 18.5.0 and is an OS command injection vulnerability. A flaw is present in the application which fails to validate IP address. On successful exploitation, due to an insufficient IsAllowedHost check that can ... oval:org.secpod.oval:def:1505999 nodejs [1:16.16.0-3] - Fix build - Resolves: RHBZ#2111416 [1:16.16.0-2] - Refactor spec - Resolves: RHBZ#2111416 [1:16.16.0-1] - Rebase to latest version - Resolves: RHBZ#2106369 - CVE fixes for CVE-2022-32212/3/4/5 - Resolves: #2109578, #2109581, #2109584, #2109588 nodejs-nodemon [2.0.19-2] - Switc ... oval:org.secpod.oval:def:3300897 SUSE Security Update: Security update for nodejs12 oval:org.secpod.oval:def:2600024 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:507151 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix: * nodejs-ansi-regex: Regular expression denial of service matching ANSI escape codes * nodejs: DNS rebinding in --inspect via invalid IP addresses * ... oval:org.secpod.oval:def:96456 nodejs: An open-source, cross-platform JavaScript runtime environment. Several security issues were fixed in Node.js. oval:org.secpod.oval:def:4501114 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix: * nodejs: DNS rebinding in --inspect via invalid IP addresses * nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding * nodejs: H ... oval:org.secpod.oval:def:3300717 SUSE Security Update: Security update for nodejs14 oval:org.secpod.oval:def:2107687 Oracle Solaris 11 - ( CVE-2022-32213 ) oval:org.secpod.oval:def:124468 Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:1506032 nodejs [16.16.0-1] - Rebase to version 16.16.0 Resolves: RHBZ#2106290 Resolves: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 [16.14.0-5] - Decouple dependency bundling from bootstrapping nodejs-nodemon oval:org.secpod.oval:def:610359 Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of host IP address validation and weak randomness setup. oval:org.secpod.oval:def:124467 Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:2107810 Oracle Solaris 11 - ( CVE-2022-35256 ) |