Download
| Alert*
oval:org.secpod.oval:def:67549
The host is installed with Node.js 10.0.0 before 10.21.0, 12.0.0 before 12.18.0, 14.0.0 before 14.4.0 and is prone to a buffer overflow vulnerability. A flaw is present in the application which fails to handle napi_get_value_string_*(). Successful exploitation allows various kinds of memory corrupti ... oval:org.secpod.oval:def:93895 nodejs: An open-source, cross-platform JavaScript runtime environment. Several security issues were fixed in Node.js. oval:org.secpod.oval:def:708427 nodejs: An open-source, cross-platform JavaScript runtime environment. Several security issues were fixed in Node.js. oval:org.secpod.oval:def:83390 The host is installed with Node.js 14.0.0 before 14.4.0 and is prone to a buffer overflow vulnerability. A flaw is present in the application which fails to handle napi_get_value_string_*(). Successful exploitation allows various kinds of memory corruption. oval:org.secpod.oval:def:66556 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nghttp2: overly large SETTINGS frames can lead to DoS * nodejs-minim ... oval:org.secpod.oval:def:89000193 This update for nodejs10 fixes the following issues: nodejs10 was updated to version 10.21.0 - CVE-2020-8174: Fixed multiple memory corruption in napi_get_value_string_* . - CVE-2020-11080: Fixed a potential denial of service when receiving unreasonably large HTTP/2 SETTINGS frames . - CVE-2020-1053 ... oval:org.secpod.oval:def:66557 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nghttp2: overly large SETTINGS frames can lead to DoS * nodejs-minim ... oval:org.secpod.oval:def:505061 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs10-nodejs . Security Fix: * ICU: Integer overflow in UnicodeString::doAppend * nghtt ... oval:org.secpod.oval:def:604874 Two vulnerabilities were discovered in Node.js, which could result in denial of service and potentially the execution of arbitrary code. oval:org.secpod.oval:def:89000211 This update for nodejs8 fixes the following issues: - CVE-2020-8174: Fixed multiple memory corruption in napi_get_value_string_* . - CVE-2020-11080: Fixed a potential denial of service when receiving unreasonably large HTTP/2 SETTINGS frames . - CVE-2020-7598: Fixed an issue which could have tricked ... oval:org.secpod.oval:def:1502980 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:503803 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nghttp2: overly large SETTINGS frames can lead to DoS * nodejs-minim ... oval:org.secpod.oval:def:503804 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nghttp2: overly large SETTINGS frames can lead to DoS * nodejs-minim ... oval:org.secpod.oval:def:2500079 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:1801859 Calling napi_get_value_string_latin1, napi_get_value_string_utf8, or napi_get_value_string_utf16 with a non-NULL buf, and a bufsize of 0 will cause the entire string value to be written to buf, probably overrunning the length of the buffer.Receiving unreasonably large HTTP/2 SETTINGS frames can cons ... oval:org.secpod.oval:def:2106130 Oracle Solaris 11 - ( CVE-2020-10531 ) oval:org.secpod.oval:def:2500217 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:504864 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs12-nodejs . Security Fix: * ICU: Integer overflow in UnicodeString::doAppend * nghtt ... oval:org.secpod.oval:def:64151 Two vulnerabilities were discovered in Node.js, which could result in denial of service and potentially the execution of arbitrary code. oval:org.secpod.oval:def:1502976 The advisory is missing the security advisory description. For more information please visit the reference link |