Digital Bazaar Forge Data Forgery Issue Vulnerability (CNVD-2022-22656)

Digital Bazaar Forge is a native implementation of Tls in Javascript and an open source tool for writing encryption-based and network-intensive Web applications from Digital Bazaar, Inc. A data forgery issue vulnerability exists in versions prior to Digital Bazaar Forge 1.3.0, which originated in...

CVE-2022-24772

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a DigestInfo ASN.1 structure. This can allow padding bytes to be removed an...

ROS-20220112-03

The vsftpd FTP server vulnerability is related to a provenance check error in the TLS implementation when working with different protocols. different protocols. Exploitation of the vulnerability could allow an attacker acting remotely and capable of performing a MitM attack at the TCP/IP level,...

SUSE: Security Advisory (SUSE-SU-2015:0841-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RLSA-2021:0549 Moderate: nodejs:12 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 12.20.1, nodejs-nodemon 2.0.3. Security Fixes: nodejs-mixin-deep: prototype pollutio...

Moderate: Red Hat Security Advisory: rh-nodejs12-nodejs security update

An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

MGASA-2021-0069 Updated nodejs packages fix security vulnerabilities

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method...

Node.js 10.x < 10.23.1 / 12.x < 12.20.1 / 14.x < 14.15.4 / 15.x < 15.5.1 Multiple Vulnerabilities

The version of Node.js installed on the remote host is 10.x prior to 10.23.1, 12.x prior to 12.20.1, 14.x prior to 14.15.4, or 15.x prior to 15.5.1. It is, therefore, affected by multiple vulnerabilities as referenced in the january-2021-security-releases advisory. - The X.509 GeneralName type is...

Fedora 33 : 1:nodejs (2021-fb1a136393)

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-fb1a136393 advisory. - Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS...

CVE-2020-8265

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method...

CVE-2020-8265

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method...

Node.js TLSWrap Use-After-Free Vulnerability

Node.js: use-after-free in TLSWrap Node v14.11.0 Current is vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method...

Node.js TLSWrap Use-After-Free

Node.js: use-after-free in TLSWrap Node v14.11.0 Current is vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method...

Node.js: Node.js: use-after-free in TLSWrap

Node.js: use-after-free in TLSWrap Node v14.11.0 Current is vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method...

Security Bulletin: IBM Sterling Connect:Direct for UNIX CPU utilization (CVE-2014-0963)

Summary IBM Sterling Connect:Direct for UNIX is affected by a problem related to the SSL implementation which, under very specific conditions, can cause CPU utilization to rapidly increase. Vulnerability Details IBM Sterling Connect:Direct for UNIX is affected by a problem with the handling of...

Updated axel packages fix security vulnerability

Updated axel package fixes security vulnerability: An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification CVE-2020-13614. The axel package has been updated to version 2.17.8, fixing this issue and other bugs...

CVE-2020-13614

An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification...

CVE-2018-5703

The tcpv6synrecvsock function in net/ipv6/tcpipv6.c in the Linux kernel, through 4.14.11, allows attackers to cause a denial of service slab out-of-bounds write or possibly have unspecified other impact via vectors involving in-kernel TLS implementation. Due to the nature of the flaw, privilege...

CVE-2020-0601, aka NSACrypt

A spoofing vulnerability exists in the way Windows CryptoAPI Crypt32.dll validates Elliptic Curve Cryptography ECC certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted,...

Denial Of Service (DoS)

Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime NSPR provides platform independence for non-GUI operating system facilities. A race condition was found in the way N...