Red Hat Security Advisory 2023-5361-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling, bypass, and denial of service vulnerabilities.
d17f1315e979971a3621829636966df0e1f09cfbdf28fa99e162ce75d2223793
Red Hat Security Advisory 2023-5360-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.
e81e319d29d715b4f89864cf976c9fc33fedd006c1df0d2ae413f8194ec09eff
Red Hat Security Advisory 2023-5363-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.
c847a25ac05fb577d9d312fccc92714b065a2a75511c21413ff647b9c3fbba48
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute JavaScript code. This leads to arbitrary command execution with the permissions of the Kibana process on the host system. Exploitation will require a service or system reboot to restore normal operation. The WFSDELAY parameter is crucial for this exploit. Setting it too high will cause MANY shells (50-100+), while setting it too low will cause no shells to be obtained. WFSDELAY of 10 for a docker image caused 6 shells.
218aabf6c87ec8ccc508ad1d2d5d2ca8b265eead008ca12a1926cb66c80614ab
Ubuntu Security Notice 6289-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
56a23505c39e15a9992e4da11ed2253e380d5dccf0c819aca7b95fda96df2aaf
Red Hat Security Advisory 2023-4536-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs. Issues addressed include HTTP request smuggling and bypass vulnerabilities.
2f06bbbf8bfb035c3cc29869030ff9c394d94f4a61e802e88783692206313bf6
Red Hat Security Advisory 2023-4537-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs. Issues addressed include HTTP request smuggling and bypass vulnerabilities.
26418c8a5be7babeeb199c8a8e789c7d53171594bcc88de2f5638715da3afb4b
Red Hat Security Advisory 2023-4417-01 - CJose is a C library implementing JavaScript Object Signing and Encryption.
22c3bb74d9c2e542f865f639c88c79b425277c88a060f4e27bf5dbe20a578efb
Red Hat Security Advisory 2023-4411-01 - CJose is a C library implementing JavaScript Object Signing and Encryption.
dccddcd552f7680d2e72aefb3cffd84471aa6a23a83e150e4d8ca50f00633b60
Ubuntu Security Notice 6264-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
82871fa1fba43d05238c779b70fe1fa4ce8d4ecb76d357fcdd3cc95b927e2b1f
Red Hat Security Advisory 2023-4330-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.
e350366281586d2cef04c6d228a4b1688a999c2161b5a64f4df03fc2dc126fb6
Red Hat Security Advisory 2023-4331-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.
f16ee90126b9893b5e5bba06fb24bfec93e3b2b99379a10616a486da89a60aed
Ubuntu Security Notice 6227-1 - Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service attacks, and arbitrary code execution.
f640fac519450266c1c770b5325b750304800d206c35f5e92462b3a60f72daed
Red Hat Security Advisory 2023-4039-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
79c745dae0e4a96887a92346201fafff379f8553e65ad01401ec7cb0436a84c6
Red Hat Security Advisory 2023-4034-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
4a5158a0332de2f9544f7ef4fb9f874620df54c370aaefcae4faec249535a8a1
Red Hat Security Advisory 2023-4033-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
769605a7ad35f0daf38e521bc2fa72daec355ff0f28a65f5298d1651be8c9b52
Red Hat Security Advisory 2023-4036-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
8d61165472772112c3e82bb47d7e6b7af07d15f2baa367f1ea11df1f38d219ba
Red Hat Security Advisory 2023-4035-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow and denial of service vulnerabilities.
b2a625f052f26d493dd20d4b4e6799bb0b54fd62b19e9cf1c70573ba4694f509
Chrome suffers from an internal JavaScript object access vulnerability. suffers from a code execution vulnerability.
ffd1bc4c7c03a984e8cd76542fd8b6610321410abd4663e7c81762fe8f30c5ae
Red Hat Security Advisory 2023-3586-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
cd4836854f4f775475d105d160dc74d3d6d2a94064a9e9a21552165de3fde258
Red Hat Security Advisory 2023-3577-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
42e13d3b9fc3ea0f87ad33e7b800d31ef4f26dfb6121410a6541791c97587b15
Proof of concept for a logic bug in the implementation of the garbage collector (GC) in v8 (the JavaScript interpreter of Chrome). The exploit poc.js is tested on v8 version 9.4.146.16 (commit 452f57b), which is the version shipped with Chrome 94.0.4606.61, the one before the bug was fixed, on Ubuntu 20.04.
9bcd05375f4716e560bf2a6e62f7e0eed58e6eb6f38f4070b6205036e9ca28ca
Ubuntu Security Notice 6147-1 - Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service attacks, and arbitrary code execution.
5c6b6b7dc4dc6a16e2e912d60d869f15f102d2dc555b8c4d1e9010abdc65165f
Pydio Cells versions 4.1.2 and below implement the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it is possible to generate valid signatures for arbitrary download URLs. By uploading an HTML file and modifying the download URL to serve the file inline instead of as an attachment, any included JavaScript code is executed when the URL is opened in a browser, leading to a cross site scripting vulnerability.
5572c0a56c096d68de11c3dc1c9bcddd5b68526d9584952ea09e3ff2766d3365
Ubuntu Security Notice 6120-1 - Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service attacks, and arbitrary code execution.
0beb4fd522279b672c4b92fcefa9d309a5387cdc5d645f3b2e6568d164bca679