34 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-8201
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by a...
SUSE CVE-2020-8201
Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture ...
Hitachi Energy Gateway Station (GWS) Product
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Gateway Station GWS Product Vulnerability: Inconsistent Interpretation of HTTP Requests, Use After Free, Classic Buffer Overflow, Integer Underflow, Improper Certificate...
Security Bulletin: Node.js as used by IBM Security QRadar Packet Capture contains multiple vulnerabilities (CVE-2020-8201, CVE-2020-8252, CVE-2020-8251, CVE-2020-8277)
Summary Node.js as used by IBM Security QRadar Packet Capture contains multiple vulnerabilities. Vulnerability Details CVEID: CVE-2020-8201 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attack...
SUSE: Security Advisory (SUSE-SU-2020:2813-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:2812-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM Cloud Pak for Applications 4.3 nodejs and nodejs-express Appsody stacks is vulnerable to information disclosure, buffer overflow and prototype pollution exposures
Summary IBM Cloud Pak for Applications 4.3 nodejs and nodejs-express Appsody stacks is vulnerable to information disclosure, buffer overflow and prototype pollution exposures CVE-2020-15095, CVE-2020-8116, CVE-2020-8201 and CVE-2020-8252. Vulnerability Details CVEID: CVE-2020-15095 DESCRIPTION:...
Security Bulletin: IBM Cloud Private is vulnerable to Node.js vulnerabilities (CVE-2020-8201, CVE-2020-8252, CVE-2020-8251)
Summary IBM Cloud Private is vulnerable to Node.js vulnerabilities Vulnerability Details CVEID: CVE-2020-8201 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this...
CentOS 8 : nodejs:12 (CESA-2020:4272)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4272 advisory. - npm: sensitive information exposure through logs CVE-2020-15095 - nodejs-dot-prop: prototype pollution CVE-2020-8116 - nodejs: HTTP request smuggling...
Important: libuv
Issue Overview: Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on t...
Amazon Linux 2 : libuv (ALAS-2021-1581)
The version of libuv installed on the remote host is prior to 1.39.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1581 advisory. Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting...
Security Bulletin: Vulnerability in Node.js affects IBM Netcool Agile Service Manager
Summary A vulnerability in Node.js used by IBM Netcool Agile Service Manager has been identified. Netcool Agile Service Manager has addressed the CVE. Vulnerability Details CVEID: CVE-2020-8201 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By...
Security Bulletin: Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation
Summary The vulnerabilities are related to the WebSphere Liberty server, to Node.js runtime and modules and to other open source packages. Vulnerability Details CVEID: CVE-2019-7619 DESCRIPTION: Elastic Elasticsearch could allow a remote attacker to obtain sensitive information, caused by a flaw ...
Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Managed Service and Infrastructure Management
Summary A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Managed Service and Infrastructure Management Vulnerability Details CVEID: CVE-2020-8201 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending speciall...
Security Bulletin: App Connect Enterprise Certified Container may be vulnerable to buffer overflows, Denial of Service or HTTP request smuggling
Summary App Connect Enterprise Certified Container when running Desginer flows may be vulnerable to Denial of Service via to CVE-2020-8237, HTTP request smuggling via CVE-2020-8201 or buffer overflows via CVE-2020-8252. Vulnerability Details CVEID: CVE-2020-8237 DESCRIPTION: Node.js json-bigint...
Security Bulletin: IBM Cloud Transformation Advisor is affected by multiple Node.js vulnerabilities.
Summary IBM Cloud Transformation Advisor has addressed the following vulnerabilities: CVE-2020-8251, CVE-2020-8201, CVE-2020-8252 Vulnerability Details CVEID: CVE-2020-8251 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by delayed unfinished HTTP/1.1 requests submission. An...
Fedora 33 : 1:nodejs (2020-43d5a372fc)
Update to 14.15.1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Security, Inc...
SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2020:2812-1)
This update for nodejs12 fixes the following issues : nodejs12 was updated to 12.18.4 LTS : - CVE-2020-8201: Fixed an HTTP Request Smuggling due to CR-to-Hyphen conversion bsc1176605. - CVE-2020-8252: Fixed a buffer overflow in realpath bsc1176589. - CVE-2020-15095: Fixed an information leak...
Moderate: Red Hat Security Advisory: rh-nodejs12-nodejs security update
An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Security Bulletin: Vulnerabilities in Node.js affect IBM Spectrum Control (CVE-2020-8201, CVE-2020-8252)
Summary Node.js is vulnerable to HTTP request smuggling and to a buffer overflow which can affect IBM Spectrum Control. Vulnerability Details CVEID: CVE-2020-8201 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP...