#nodejs

An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2018-25032: zlib: A flaw found in zlib when compressing (not decompressing) certain inputs * CVE-2022-1271: gzip: arbitrary-file-write vulnerability * CVE-2022-1966: kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root * CVE-2...

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2200: Mozilla: Undesired attributes could be set as part of prototype pollution * CVE-2022-2226: Mozilla: An email with a mismatching OpenPGP signature date was accepted as valid * CVE-2022-31744: Mozilla: CSP bypass enabling stylesheet injection * CVE-2022-34468: Mozilla: CSP sandbox header without `allow-scripts` can be ...

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2200: Mozilla: Undesired attributes could be set as part of prototype pollution * CVE-2022-31744: Mozilla: CSP bypass enabling stylesheet injection * CVE-2022-34468: Mozilla: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI * CVE-2022-34470: Mozilla: Use-after-free in nsSHistory * CVE-2...

deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2200: Mozilla: Undesired attributes could be set as part of prototype pollution * CVE-2022-2226: Mozilla: An email with a mismatching OpenPGP signature date was accepted as valid * CVE-2022-31744: Mozilla: CSP bypass enabling stylesheet injection * CVE-2022-34468: Mozilla: CSP sandbox header without `allow-scripts` can be bypassed via retargeted ja...

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2200: Mozilla: Undesired attributes could be set as part of prototype pollution * CVE-2022-31744: Mozilla: CSP bypass enabling stylesheet injection * CVE-2022-34468: Mozilla: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI * CVE-2022-34470: Mozilla: Use-after-free in nsSHistory * CVE-2022-34472: Mozilla: Unavai...

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2200: Mozilla: Undesired attributes could be set as part of prototype pollution * CVE-2022-2226: Mozilla: An email with a mismatching OpenPGP signature date was accepted as valid * CVE-2022-31744: Mozilla: CSP bypass enabling stylesheet injection * CVE-2022-34468: Mozilla: CSP sandbox header without `allow-scripts` can be ...

An update for firefox is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2200: Mozilla: Undesired attributes could be set as part of prototype pollution * CVE-2022-31744: Mozilla: CSP bypass enabling stylesheet injection * CVE-2022-34468: Mozilla: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI * CVE-2022-34470: Mozilla: Use-after-free in nsSHistory * CVE-2...

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2200: Mozilla: Undesired attributes could be set as part of prototype pollution * CVE-2022-31744: Mozilla: CSP bypass enabling stylesheet injection * CVE-2022-34468: Mozilla: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI * CVE-2022-34470: Mozilla: Use-after-free in nsSHisto...

New Red Hat Single Sign-On 7.6.0 packages are available from the Customer Portal.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0839: liquibase: Improper Restriction of XML External Entity