Download
| Alert*
oval:org.secpod.oval:def:66556
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nghttp2: overly large SETTINGS frames can lead to DoS * nodejs-minim ... oval:org.secpod.oval:def:89000193 This update for nodejs10 fixes the following issues: nodejs10 was updated to version 10.21.0 - CVE-2020-8174: Fixed multiple memory corruption in napi_get_value_string_* . - CVE-2020-11080: Fixed a potential denial of service when receiving unreasonably large HTTP/2 SETTINGS frames . - CVE-2020-1053 ... oval:org.secpod.oval:def:66557 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nghttp2: overly large SETTINGS frames can lead to DoS * nodejs-minim ... oval:org.secpod.oval:def:604874 Two vulnerabilities were discovered in Node.js, which could result in denial of service and potentially the execution of arbitrary code. oval:org.secpod.oval:def:1601172 In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1. ... oval:org.secpod.oval:def:118366 This package contains the HTTP/2 client, server and proxy programs. oval:org.secpod.oval:def:1502980 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:119170 Node.js is a platform built on Chromes JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:89044094 This update for nghttp2 fixes the following issues: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS oval:org.secpod.oval:def:89049461 This update for nghttp2 fixes the following issues: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS oval:org.secpod.oval:def:2106130 Oracle Solaris 11 - ( CVE-2020-10531 ) oval:org.secpod.oval:def:503798 libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Security Fix: * nghttp2: overly large SETTINGS frames can lead to DoS For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer t ... oval:org.secpod.oval:def:505017 libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Security Fix: * nghttp2: overly large SETTINGS frames can lead to DoS For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer t ... oval:org.secpod.oval:def:66554 libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Security Fix: * nghttp2: overly large SETTINGS frames can lead to DoS For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer t ... oval:org.secpod.oval:def:505061 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs10-nodejs . Security Fix: * ICU: Integer overflow in UnicodeString::doAppend * nghtt ... oval:org.secpod.oval:def:708220 nghttp2: HTTP/2 C Library and tools nghttp2 could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:89000211 This update for nodejs8 fixes the following issues: - CVE-2020-8174: Fixed multiple memory corruption in napi_get_value_string_* . - CVE-2020-11080: Fixed a potential denial of service when receiving unreasonably large HTTP/2 SETTINGS frames . - CVE-2020-7598: Fixed an issue which could have tricked ... oval:org.secpod.oval:def:91499 nghttp2: HTTP/2 C Library and tools nghttp2 could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:503803 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nghttp2: overly large SETTINGS frames can lead to DoS * nodejs-minim ... oval:org.secpod.oval:def:503804 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nghttp2: overly large SETTINGS frames can lead to DoS * nodejs-minim ... oval:org.secpod.oval:def:1700354 In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1. ... oval:org.secpod.oval:def:2500079 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:1502964 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1801859 Calling napi_get_value_string_latin1, napi_get_value_string_utf8, or napi_get_value_string_utf16 with a non-NULL buf, and a bufsize of 0 will cause the entire string value to be written to buf, probably overrunning the length of the buffer.Receiving unreasonably large HTTP/2 SETTINGS frames can cons ... oval:org.secpod.oval:def:83388 The host is installed with Node.js 14.0.0 before 14.4.0 and is prone to a denial of service vulnerability. A flaw is present in the application which fails to handle HTTP/2 SETTINGS frames. Successful exploitation allows an attacker to cause unspecified impact. oval:org.secpod.oval:def:1504427 kernel-uek-container [4.14.35-1902.303.5.3.el7] - rds: Deregister all FRWR mr with free_mr [Orabug: 31476202] - Revert "rds: Do not cancel RDMAs that have been posted to the HCA" [Orabug: 31475329] - Revert "rds: Introduce rds_conn_to_path helper" [Orabug: 31475329] - Revert "rds: Three cancel fi ... oval:org.secpod.oval:def:2500217 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:504864 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs12-nodejs . Security Fix: * ICU: Integer overflow in UnicodeString::doAppend * nghtt ... oval:org.secpod.oval:def:2500061 libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. oval:org.secpod.oval:def:64151 Two vulnerabilities were discovered in Node.js, which could result in denial of service and potentially the execution of arbitrary code. oval:org.secpod.oval:def:1502976 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89044083 This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS . - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service . - CVE-2019-9511: Fixed HTTP/2 implementations ... oval:org.secpod.oval:def:1507095 [1.33.0-5] - fix HTTP/2 Rapid Reset [1.33.0-4] - prevent DoS caused by overly large SETTINGS frames |