#nodejs

An update for openvswitch2.11 is now available in Fast Datapath for Red Hat Enterprise Linux 8.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-36980: Open vSwitch (aka openvswitch) has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action.

An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a <meta> tag, bypassing sanitization steps, and potentially allowing for XSS.

node-etsy-client is a NodeJs Etsy ReST API Client. Applications that are using node-etsy-client and reporting client error to the end user will offer api key value too This is fixed in node-etsy-client v0.3.0 and later.

Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts.

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4127: Mozilla: Angle graphics library out of date * CVE-2021-23981: Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Mozilla: Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984: Mozilla: Malicious extensions could have spoofed popup information * CVE-2021-23987: ...

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4127: Mozilla: Angle graphics library out of date * CVE-2021-23981: Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Mozilla: Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984: Mozilla: Malicious extensions could have spoofed popup information * CVE-2021-23...

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4127: Mozilla: Angle graphics library out of date * CVE-2021-23981: Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Mozilla: Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984: Mozilla: Malicious extensions could have spoofed popup...

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4127: Mozilla: Angle graphics library out of date * CVE-2021-23981: Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Mozilla: Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984: Mozilla: Malicious extensions could have spoofed popup info...

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4127: Mozilla: Angle graphics library out of date * CVE-2021-23981: Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Mozilla: Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984: Mozilla: Malicious extensions could have spoofed popup...

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4127: Mozilla: Angle graphics library out of date * CVE-2021-23981: Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read * CVE-2021-23982: Mozilla: Internal network hosts could have been probed by a malicious webpage * CVE-2021-23984: Mozilla: Malicious extensions could have spoofed popup info...