16 matches found
Security Bulletin: Multiple vulnerabilities in IBM Planning Analytics Advanced Certified Containers
Summary Multiple vulnerabilities were addressed in IBM Planning Analytics Advanced Certified Containers 3.1.2. Vulnerability Details CVEID:CVE-2025-23166 DESCRIPTION: The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a...
Security Bulletin: Multiple vulnerabilities in NodeJS affect IBM Business Automation Workflow Configuration Editor
Summary IBM Business Automation Workflow Configuration Editor packages a vulnerable version of the NodeJS runtime and a vulnerable module. Vulnerability Details CVEID:CVE-2025-23165 DESCRIPTION: In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uvfss.file: a...
Linux Distros Unpatched Vulnerability : CVE-2025-23167
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n. This inconsistency enables...
Exploit for CVE-2025-23167
CVE-2025-23167 – Node.js HTTP Request Smuggling Exploit Worki...
SUSE SLES15 Security Update : nodejs20 (SUSE-SU-2025:02039-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02039-1 advisory. Update to 20.19.2: - CVE-2025-23166: improper error handling in async cryptographic operations crashes process bsc1243218. -...
Photon OS 4.0: Nodejs PHSA-2025-4.0-0820
An update of the nodejs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0820. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
openSUSE Security Advisory (SUSE-SU-2025:02045-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2025:02039-1 Security update for nodejs20
This update for nodejs20 fixes the following issues: Update to 20.19.2: - CVE-2025-23166: improper error handling in async cryptographic operations crashes process bsc1243218. - CVE-2025-23167: improper HTTP header block termination in llhttp bsc1243220. - CVE-2025-23165: add missing call to...
Fedora 41 : nodejs20 (2025-0c2b7a8f32)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-0c2b7a8f32 advisory. Update to 20.19.2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...
Fedora: Security Advisory (FEDORA-2025-0c2b7a8f32)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Node.js < 20.19.2 HTTP Request Smuggling Vulnerability - Windows
Node.js is prone to an HTTP request smuggling vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js";...
Node.js < 20.19.2 HTTP Request Smuggling Vulnerability - Mac OS X
Node.js is prone to an HTTP request smuggling vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js";...
CVE-2025-23167
A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by...
CVE-2025-23167
A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by...
CVE-2025-23167
A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by...
CVE-2025-23167
creationtimestamp| type| source ---|---|--- 2025-05-15 01:06:34+00:00| seen| https://bsky.app/profile/bluesky.awakari.com/post/3lp6d5gqzx327 2025-05-19 02:38:12+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/16795 2025-05-19 03:22:00+00:00| seen|...