Download
| Alert*
oval:org.secpod.oval:def:96748
The host is installed with Node.js 8.x before 8.14.0, or 6.x before 6.15.0 and is prone to an HTTP request splitting vulnerability. A flaw is present in the application which fails to handle an unsanitized user-provided Unicode data for the `path` option of an HTTP request. Successful exploitation a ... oval:org.secpod.oval:def:2105926 Oracle Solaris 11 - ( CVE-2018-12120 ) oval:org.secpod.oval:def:504868 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs . Security Fix: * nodejs-tar: Arbitrary file overwrites when extracting tar ... oval:org.secpod.oval:def:1900816 Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to ma ... oval:org.secpod.oval:def:2000328 Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to ma ... oval:org.secpod.oval:def:89043994 This update contains the Mozilla Firefox ESR 68.2 release. Mozilla Firefox was updated to ESR 68.2 release: * Enterprise: New administrative policies were added. More information and templates are available at the Policy Templates page. * Various security fixes: MFSA 2019-33 * CVE-2019-15903: Heap ... |