Download
| Alert*
oval:org.secpod.oval:def:5800022
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs , nodejs-nodemon . Security Fix: * minimist: prototype pollution * nodejs-minimatch: R ... oval:org.secpod.oval:def:3300846 SUSE Security Update: Security update for nodejs12 oval:org.secpod.oval:def:19500180 An HTTP Request Smuggling vulnerability was found in the llhttp library, used by Node.JS. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations are being proxied , an attacker can use this flaw to inject arbitrary messages through the proxy. The highest t ... oval:org.secpod.oval:def:3300687 SUSE Security Update: Security update for nodejs10 oval:org.secpod.oval:def:3300722 SUSE Security Update: Security update for nodejs16 oval:org.secpod.oval:def:1506382 nodejs [1:16.18.1-3] - Update sources of undici WASM blobs Resolves: rhbz#2151617 [1:16.18.1-2] - Add back libs and v8-devel subpackages - Related: RHBZ#2121126 - Record previously fixed CVE - Resolves: CVE-2021-44906 [1:16.18.1-1] - Rebase + CVEs - Resolves: #2142808 - Resolves: #2142826, #2131745, ... oval:org.secpod.oval:def:507484 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs , nodejs-nodemon . Security Fix: * minimist: prototype pollution * nodejs-minimatch: R ... oval:org.secpod.oval:def:94166 The host is installed with Node.js 14.0.0 before 14.21.1, 16.0.0 before 16.18.1, 18.0.0 before 18.12.1 or 19.0.0 before 19.0.1 and is prone to an OS command injection vulnerability. A flaw is present in the application which fails to handle insufficient IsAllowedHost check. On successful exploitatio ... oval:org.secpod.oval:def:96486 nodejs: An open-source, cross-platform JavaScript runtime environment. Several security issues were fixed in Node.js. oval:org.secpod.oval:def:1506240 nodejs [1:18.12.1-1] - Rebase + CVEs - Resolves: #2142809 - Resolves: #2142830, #2142856 nodejs-nodemon [2.0.20-1] - Rebase to 2.0.20 Resolves: CVE-2022-3517 oval:org.secpod.oval:def:507424 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs , nodejs-nodemon . Security Fix: * nodejs-minimatch: ReDoS via the braceExpand functio ... oval:org.secpod.oval:def:507445 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs , nodejs-nodemon . Security Fix: * minimist: prototype pollution * node-fetch: exposur ... oval:org.secpod.oval:def:507522 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs14-nodejs , rh-nodejs14-nodejs-nodemon . Security Fix: * glob-parent: Regular Expres ... oval:org.secpod.oval:def:94744 nodejs: An open-source, cross-platform JavaScript runtime environment. Several security issues were fixed in Node.js. oval:org.secpod.oval:def:89047968 This update for nodejs12 fixes the following issues: - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address . oval:org.secpod.oval:def:4500827 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nodejs-minimatch: ReDoS via the braceExpand function * nodejs: DNS ... oval:org.secpod.oval:def:507425 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nodejs-minimatch: ReDoS via the braceExpand function * nodejs: DNS ... oval:org.secpod.oval:def:1506321 nodejs [1:16.18.1-3] - Update sources of undici WASM blobs Resolves: rhbz#2151546 [1:16.18.1-2] - Record CVE references already addressed in this or previous upstream versions Resolves: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824 [1:16.18.1-1] - Rebase + CVE fixes - Resolves: #214280 ... oval:org.secpod.oval:def:89327 Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of host IP address validation and weak randomness setup. oval:org.secpod.oval:def:89048012 This update for nodejs10 fixes the following issues: - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address . oval:org.secpod.oval:def:2501020 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:3300296 SUSE Security Update: Security update for nodejs18 oval:org.secpod.oval:def:2501022 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:2500899 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:4501212 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs , nodejs-nodemon . Security Fix: * minimist: prototype pollution * node-fetch: exposur ... oval:org.secpod.oval:def:2600143 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:4501076 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages were updated to later upstream versions: nodejs , nodejs-nodemon . Security Fix: * nodejs: Improper handling of URI Subject Alternative Names ... oval:org.secpod.oval:def:4501155 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs , nodejs-nodemon . Security Fix: * nodejs-minimatch: ReDoS via the braceExpand functio ... oval:org.secpod.oval:def:507433 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages were updated to later upstream versions: nodejs , nodejs-nodemon . Security Fix: * nodejs: Improper handling of URI Subject Alternative Names ... oval:org.secpod.oval:def:1506336 nodejs [1:14.21.1-2] - Apply upstream fix for CVE-2022-24999 Resolves: CVE-2022-24999 - Record CVEs fixed by current or previous upstream releases Resolves: CVE-2021-44906 [1:14.21.1-1] - Rebase to version 14.21.1 Resolves: rhbz#2129805 CVE-2022-43548 CVE-2022-3517 oval:org.secpod.oval:def:610359 Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of host IP address validation and weak randomness setup. oval:org.secpod.oval:def:89047976 This update for nodejs14 fixes the following issues: - Update to 14.21.1: - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address . - Update to 14.21.0: - src: add --openssl-shared-config option oval:org.secpod.oval:def:3301236 SUSE Security Update: Security update for nodejs14 oval:org.secpod.oval:def:1506238 nodejs [1:18.12.1-2] - Update version of bundled histogram [1:18.12.1-1] - Rebase to version 18.12.1 Resolves: rhbz#2125580 CVE-2022-43548 CVE-2022-3517 [1:18.9.1-1] - Rebase to version 18.9.1 Resolves: CVE-2022-35255 CVE-2022-35256 nodejs-nodemon [2.0.20-1] - Rebase to 2.0.20 Resolves: CVE-2022-351 ... oval:org.secpod.oval:def:85377 The host is installed with Node.js 14.x before 14.21.1, 16.x before 16.18.1, 18.x before 18.12.1 or 19.x before 19.0.1 and is prone to a DNS rebinding vulnerability. A flaw is present in the application, which fails to handle invalid IP addresses. On successful exploitation, an attacker can perform ... oval:org.secpod.oval:def:2600119 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:2107810 Oracle Solaris 11 - ( CVE-2022-35256 ) |