Red Hat Security Advisory 2022-6985-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.
bb0d8cfbbf56243c0b6735ea2efe318b9aa3d56e905539f815f4073229329cb2Red Hat Security Advisory 2022-6963-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.
d8446c0bcd696d3582b929d9e44783544354fa4b2a86d0d377dc24063454afb2Red Hat Security Advisory 2022-6964-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.
5a7f71092b36589dc74463298603b143a89c1b2f372579c132a06a1d69894508Ubuntu Security Notice 5642-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
a741c88fdbcebba263f141b68dade06af9876160b8164996177be9bce2fc3196Red Hat Security Advisory 2022-6595-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
a6961a3c20a833fe5635cad7db7c48ff9a47c9caef6c3b83e0adc20879e8427dUbuntu Security Notice 5611-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
60c330fa46368709ea406625c1ec1cc6436b536d6444eecbfa7d1d45aa1defadRed Hat Security Advisory 2022-6448-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.
77059a5029e5fa0f7d043f17c6d1f94d86241739d27ad64bf098f71c62c37a97Red Hat Security Advisory 2022-6449-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
cb5e66f8d412a46f5aff9c83c590b5c65a0a1bb01a1496c984882a20d23a1261Red Hat Security Advisory 2022-6389-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.
49695c2ea32250dc6f60d34ea01d791f6c7a8d449b5c3c62b72f902aedb970b1Ubuntu Security Notice 5568-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
165d32716383b2213041fca19e93814768b839ec69d89fa522b80cc027eea341Transposh WordPress Translation versions 1.0.7 and below have an ajax action "tp_translation" which is available to authenticated or unauthenticated users (see CVE-2022-2461) that allows them to submit new translations. Translations submitted this way are shown on the Transposh administrative interface on the pages "tp_main" and "tp_editor". However, since the plugin does not properly validate and sanitize the submitted translation, arbitrary Javascript code can be permanently injected and executed directly within the backend across all users visiting the page with the roles of at least "Subscriber" and up to "Administrator".
484332c9e36ec88f8a190cc80119a1f22da60e0f49e9a327a7f7268bba597fb7Ubuntu Security Notice 5527-1 - It was discovered that Checkmk incorrectly handled authentication. An attacker could possibly use this issue to cause a race condition leading to information disclosure. It was discovered that Checkmk incorrectly handled certain inputs. An attacker could use these cross-site scripting issues to inject arbitrary html or javascript code to obtain sensitive information including user information, session cookies and valid credentials.
45daf753e998edd792b4728e6f35f35c6493b1e6cc974ee1082da7f33c59b2dcUbuntu Security Notice 5522-1 - Several security issues were discovered in WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
0f0f438214ff796ec27381779ba61d110957c201c68b02d7b912474263bc9aa9Ubuntu Security Notice 5494-1 - It was discovered that SpiderMonkey JavaScript Library incorrectly generated certain assembly code. An remote attacker could possibly use this issue to cause a crash or expose sensitive information. It was discovered that SpiderMonkey JavaScript Library incorrectly generated certain assembly code. An remote attacker could possibly use this issue to cause a crash.
62e4533e597b9e92d3946e276abc7a4db354b90ce9d04294a5b9bdd9d1b3ab2fRed Hat Security Advisory 2022-4914-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.
b43f0c89fd3414efa475d6ec07c2e68d3f66f12f846e7070d1966227905eca9dUbuntu Security Notice 5457-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
4153e8a485e0234b39752d64b97e73d5006aaa1bf37524710ec5361f026bd819Red Hat Security Advisory 2022-4796-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
991d963b663b8a11014cba877b3d06282eaafae5a7def5da98772487cf78ccfaUbuntu Security Notice 5434-1 - It was discovered that the methods of an Array object could be corrupted as a result of prototype pollution by sending a message to the parent process. If a user were tricked into opening a specially crafted website, an attacker could exploit this to execute JavaScript in a privileged context.
5c1a6337e78a42d03169f0ba88e8c5ab3edef10a831fc2af55998839be62848fScripting languages like JavaScript are being integrated into commercial software to support easy file modification. For example, Adobe Acrobat accepts JavaScript to dynamically manipulate PDF files. To bridge the gap between the high-level scripts and the low-level languages (like C/C++) used to implement the software, a binding layer is necessary to transfer data and transform representations. However, due to the complexity of two sides, the binding code is prone to inconsistent semantics and security holes, which lead to severe vulnerabilities. Existing efforts for testing binding code merely focus on the script side, and thus miss bugs that require special program native inputs. In this paper, the researchers propose cooperative mutation, which modifies both the script code and the program native input to trigger bugs in binding code.
5f9d0ad09e9e62d12e246894db4172788cd3662fb32d618c99f88dda19d6b911Ubuntu Security Notice 5394-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
4d28ba4ec65abbd647ce541d3f35e56b233b7e97e1369456b0e2db59766b5636Ubuntu Security Notice 5306-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
4707e6455db6e67f13deff36f5a237a548085e428fab6e3fa9ad01323dd3f307Red Hat Security Advisory 2022-0350-04 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
07cf30cab5cf210d32816cb8dbca0ff2d5ee3995e8c201686697cb9fca2bdbfdUbuntu Security Notice 5255-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
8d9f50ee756368237221df9d2473d2e4bd63249ac9535dc0b637761d5e147186Red Hat Security Advisory 2022-0246-04 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
ac685f0ee1416a81c17a3920f8990f34fd0bed2044d014166ed19445dfeee9deRed Hat Security Advisory 2022-0041-02 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
a99fe197fc57400e20bfe23ee30166ab68528ec9bf0aa7cc6ad183163f65fef4
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed