nodejs was added to epel7 repo on 2014-03-06
Page updated: 2023-11-21 11:36
Repo Status -
Overall Status
Source NVR: nodejs-16.18.1-3.el7 (2022-05-15)
nodejs | nodejs-1:16.18.1-3.el7 |
nodejs-devel | nodejs-devel-1:16.18.1-3.el7 |
nodejs-docs | nodejs-docs-1:16.18.1-3.el7 |
nodejs-full-i18n | nodejs-full-i18n-1:16.18.1-3.el7 |
nodejs-libs | nodejs-libs-1:16.18.1-3.el7 |
npm | npm-1:8.19.2-1.16.18.1.3.el7 |
v8-devel | v8-devel-2:9.4.146.26-1.16.18.1.3.el7 |
1516177 | NEW | CVE-2017-14919 nodejs: DoS via specific windowBits value [epel-all] |
1591007 | NEW | CVE-2018-7167 nodejs: Denial of Service by calling Buffer.fill() or Buffer.alloc() with specially crafted parameters [epel-all] |
1591015 | NEW | CVE-2018-7161 nodejs: denial of service (DoS) by causing a node server providing an http2 server to crash [epel-all] |
1591021 | NEW | CVE-2018-7162 nodejs: denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash [epel-all] |
1591024 | NEW | CVE-2018-7164 nodejs: uncontrolled memory consumption when using the net.Socket as a stream [epel-all] |
1661000 | NEW | CVE-2018-12116 nodejs: HTTP request splitting [epel-all] |
1661004 | NEW | CVE-2018-12121 nodejs: Denial of Service with large HTTP headers [epel-all] |
1661007 | NEW | CVE-2018-12122 nodejs: Slowloris HTTP Denial of Service [epel-all] |
1661012 | NEW | CVE-2018-12123 nodejs: Hostname spoofing in URL parser for javascript protocol [epel-all] |
1690817 | NEW | CVE-2019-5739 nodejs: DoS with keep-alive HTTP connection [epel-7] |
1788303 | NEW | CVE-2019-16777 nodejs: npm: Global node_modules Binary Overwrite [epel-all] |
1788307 | NEW | CVE-2019-16775 nodejs: npm: Symlink reference outside of node_modules folder through the bin field upon installation [epel-all] |
1788311 | NEW | CVE-2019-16776 nodejs: npm: Arbitrary file write via constructed entry in the package.json bin field [epel-all] |
1845263 | NEW | CVE-2020-8174 nodejs: memory corruption in napi_get_value_string_* functions [epel-all] |
1856876 | NEW | CVE-2020-15095 nodejs: npm: sensitive information exposure through logs [epel-all] |
1879340 | NEW | CVE-2020-8201 nodejs: HTTP Request Smuggling due to CR-to-Hyphen conversion [epel-all] |
1932025 | NEW | CVE-2021-22884 nodejs: DNS rebinding in --inspect [epel-all] |
1993020 | NEW | CVE-2021-22931 nodejs: Improper handling of untypical characters in domain names [epel-7] |
1993040 | NEW | CVE-2021-22939 nodejs: Incomplete validation of tls rejectUnauthorized parameter [epel-7] |
2126994 | NEW | CVE-2021-43138 nodejs: async: Prototype Pollution in async [epel-7] |
2127350 | NEW | CVE-2020-7677 nodejs: thenify: Arbitrary Code Execution in thenify [epel-7] |
2140913 | NEW | CVE-2022-43548 nodejs: DNS rebinding in inspect via invalid octal IP address [epel-7] |
2209504 | NEW | CVE-2023-32067 nodejs: c-ares: 0-byte UDP payload Denial of Service [epel-7] |
2209539 | NEW | CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 nodejs: various flaws [epel-7] |
2233375 | NEW | CVE-2023-32002 nodejs: Permissions policies can be bypassed via Module._load [epel-7] |
2233388 | NEW | TRIAGE-CVE-2023-32006 nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire() [epel-7] |
2233397 | NEW | CVE-2023-32559 nodejs: Permissions policies can be bypassed via process.binding [epel-7] |
2244430 | NEW | TRIAGE-CVE-2023-39331 nodejs: permission model improperly protects against path traversal [epel-7] |
2244441 | NEW | TRIAGE-CVE-2023-39331 nodejs: permission model improperly protects against path traversal [epel-7] |
2244452 | NEW | TRIAGE-CVE-2023-39332 nodejs: path traversal through path stored in Uint8Array [epel-7] |
2244472 | NEW | CVE-2023-38552 nodejs: integrity checks according to policies can be circumvented [epel-7] |
2244476 | NEW | CVE-2023-39333 nodejs: code injection via WebAssembly export names [epel-7] |
2244523 | NEW | Node.js 16.x < 16.20.2 Multiple Vulnerabilities |