rpm package
opensuse/nodejs14&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/nodejs14&distro=openSUSE%20Tumbleweed
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-8174 | — | < 14.17.5-1.2 | 14.17.5-1.2 | Jul 24, 2020 | napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0. | ||
| CVE-2020-15095 | — | < 14.17.5-1.2 | 14.17.5-1.2 | Jul 7, 2020 | Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "://[[:]@][:][:][/]". The password value is not redacted and is printed to stdout and also | ||
| CVE-2020-8172 | — | < 14.17.5-1.2 | 14.17.5-1.2 | Jun 8, 2020 | TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0. | ||
| CVE-2020-11080 | — | < 14.17.5-1.2 | 14.17.5-1.2 | Jun 3, 2020 | In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. T |
- CVE-2020-8174Jul 24, 2020affected < 14.17.5-1.2fixed 14.17.5-1.2
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
- CVE-2020-15095Jul 7, 2020affected < 14.17.5-1.2fixed 14.17.5-1.2
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "://[[:]@][:][:][/]". The password value is not redacted and is printed to stdout and also
- CVE-2020-8172Jun 8, 2020affected < 14.17.5-1.2fixed 14.17.5-1.2
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.
- CVE-2020-11080Jun 3, 2020affected < 14.17.5-1.2fixed 14.17.5-1.2
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. T
Page 2 of 2