EulerOS Virtualization for ARM 64 3.0.2.0 : jasper (EulerOS-SA-2020-1188)

According to the versions of the jasper package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Runtime libraries for jasper. Security Fixes:Race condition in the jasstreamtmpfile function in...

Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2020-1192)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : nodejs8 (openSUSE-2020-293)

This update for nodejs8 fixes the following issues : Security issues fixed : - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string CVE-2019-15604, bsc1163104. - CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed...

SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2020:0454-1)

This update for nodejs8 fixes the following issues : Security issues fixed : CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string CVE-2019-15604, bsc1163104. CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed...

RHEL 8 : nodejs:10 (RHSA-2020:0579)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0579 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

Important: nodejs:12 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 12.16.1. Security Fixes: nodejs: HTTP request smuggling using malformed...

nodejs:12 security update

An update is available for nodejs-nodemon, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a software development platform for...

ALSA-2020:0598 Important: nodejs:12 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 12.16.1. Security Fixes: nodejs: HTTP request smuggling using malformed...

Important: Red Hat Security Advisory: nodejs:10 security update

An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

RLSA-2020:0579 Important: nodejs:10 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 10.19.0. Security Fixes: nodejs: HTTP request smuggling using malformed...

nodejs:10 security update

An update is available for nodejs-nodemon, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a software development platform for...

EulerOS 2.0 SP8 : bind (EulerOS-SA-2020-1141)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP...

EulerOS 2.0 SP8 : poppler (EulerOS-SA-2020-1173)

According to the versions of the poppler packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dic...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2020-1141)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important: Red Hat Security Advisory: nodejs:10 security update

An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

SUSE SLES12 Security Update : nodejs10 (SUSE-SU-2020:0427-1)

This update for nodejs10 fixes the following issues : nodejs10 was updated to version 10.19.0. Security issues fixed : CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string CVE-2019-15604, bsc1163104. CVE-2019-15605: Fixed an HTTP request...

SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2020:0429-1)

This update for nodejs12 fixes the following issues : nodejs12 was updated to version 12.15.0. Security issues fixed : CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string CVE-2019-15604, bsc1163104. CVE-2019-15605: Fixed an HTTP request...

CVE-2018-5745

An assertion failure was found in the way bind implemented the "managed keys" feature. An attacker could use this flaw to cause the named daemon to crash. This flaw is very difficult for an attacker to trigger because it requires an operator to have BIND configured to use a trust anchor managed b...

GHSA-GP2M-7CFP-H6GF Incorrect persistent NameID generation in SimpleSAMLphp

Background When a SimpleSAMLphp Identity Provider is misconfigured, a bug in the software when trying to build a persistent NameID to univocally identify the authenticating subject could cause different users to get the same identifier generated, depending on the attributes available for them rig...

Incorrect persistent NameID generation in SimpleSAMLphp

Background When a SimpleSAMLphp Identity Provider is misconfigured, a bug in the software when trying to build a persistent NameID to univocally identify the authenticating subject could cause different users to get the same identifier generated, depending on the attributes available for them rig...