12 matches found
Security Bulletin: IBM watsonx.data integration (Data Observability) is vulnerable to node-forge-1.3.1.tgz due to CVE-2025-12816 ( CVE number(s) )
Summary An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security...
openSUSE Security Advisory (SUSE-SU-2026:1008-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2026:1013-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15: firewalld-prometheus-config / golang-github-prometheus-alertmanager / etc (SUSE-SU-2026:1008-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1008-1 advisory. golang-github-prometheus-alertmanager, golang-github-prometheus-nodeexporter: - Internal changes...
SUSE: Security Advisory (SUSE-SU-2026:20232-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-12816
A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 Abstract Syntax Notation One structures to desynchronize schema validations, yielding a semantic divergence. Mitigation...
CVE-2025-12816 vulnerabilities
Vulnerabilities for packages: jitsucom-jitsu, kubeflow-centraldashboard, opensearch-dashboards, kubeflow-pipelines, argo-workflows...
Linux Distros Unpatched Vulnerability : CVE-2025-12816
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to...
-fides-amor-et-lux (=1.0.0), -tompan-reacttemplate (>=1.0.1 <=1.1.0) +41716 more potentially affected by CVE-2025-12816 via node-forge (>=0.10.0 <=1.3.1)
node-forge NPM version =0.10.0, =1.0.1, =1.1.0 - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 066m7q8o0z =2.1.0 - 06buj9h3su =2.1.0 - 06dre15t8r =2.1.0 - 0726react =0.1.1 - 07fgapmu9l =1.1.0 - 07t2xvu6t4 =2.1.0 - 0850u4lkp...
AZL-71125 CVE-2025-12816 affecting package reaper for versions less than 3.1.1-21
An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions...
CVE-2025-12816
An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions...
-fides-amor-et-lux (=1.0.0), 20_nogo (>=1.0.0 <=1.1.4) +1075 more potentially affected by CVE-2025-12816 via node-forge (>=1.0.0 <=1.3.1)
node-forge NPM version =1.0.0, =1.0.0, =7.10.2-para-beta.0, =1.3.0-patch.0, =1.1.0, =1.2.1, =1.0.0, =1.2.6, =1.23.2, =3.0.0-alpha.0, =3.1.0, =3.12.0-rc.0 and more Source cves: CVE-2025-12816 Source advisory: SNYK:JS-NODEFORGE-14114940...