Lucene search
K

14 matches found

Tenable Nessus
Tenable Nessus
added 2023/10/16 12:0 a.m.33 views

Ubuntu 16.04 ESM / 18.04 ESM : Node.js vulnerabilities (USN-4796-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4796-1 advisory. Alexander Minozhenko and James Bunton discovered that Node.js did not properly handle wildcards in name fields of X.509 TLS certificates. An...

8.8CVSS7.2AI score0.41288EPSS
Exploits0References10
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.25 views

Mageia: Security Advisory (MGASA-2017-0204)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.5AI score0.04093EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.24 views

SUSE: Security Advisory (SUSE-SU-2016:2470-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8AI score0.95707EPSS
Exploits8References2
IBM Security Bulletins
IBM Security Bulletins
added 2018/08/09 4:20 a.m.24 views

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK for Node.js™ in IBM Bluemix

Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js. IBM SDK for Node.js has addressed the applicable CVEs, plus three additional vulnerabilities unrelated to the OpenSSL release. Vulnerability Details CVEID:...

9.8CVSS1.2AI score0.95707EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:7 a.m.33 views

Security Bulletin: Multiple vulnerabilities in Node.js affects IBM API Connect (CVE-2016-7099, CVE-2016-5325)

Summary IBM API Connect is affected by three vulnerabilities in Node.js CVE-2016-7099, CVE-2016-5325 and one for which a CVE ID was not assigned. These vulnerabilities are now fixed. Vulnerability Details CVEID: CVE-2016-7099 DESCRIPTION: Node.js could allow a remote attacker to bypass security...

6.1CVSS7AI score0.04093EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:6 a.m.22 views

Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor

Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Process Manager includes a stand-alone tool for editing configuration properties files that is based IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2016-6304 DESCRIPTION: OpenSSL is vulnerable to a...

9.8CVSS1.2AI score0.95707EPSS
Exploits8Affected Software3
Tenable Nessus
Tenable Nessus
added 2016/11/15 12:0 a.m.29 views

Fedora 25 : 1:nodejs (2016-43ff70c6b1)

https://nodejs.org/en/blog/release/v6.7.0/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

5.9CVSS7.3AI score0.02841EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2016/10/12 12:0 a.m.35 views

openSUSE Security Update : nodejs (openSUSE-2016-1172)

This update brings the new upstream nodejs LTS version 4.6.0, fixing bugs and security issues : - Nodejs embedded openssl version update + upgrade to 1.0.2j CVE-2016-6304, CVE-2016-2183, CVE-2016-2178, CVE-2016-6306, CVE-2016-7052 + remove support for dynamic 3rd party engine modules - http:...

9.3CVSS7.4AI score0.95707EPSS
Exploits8References10
OpenVAS
OpenVAS
added 2016/10/12 12:0 a.m.35 views

openSUSE: Security Advisory for nodejs (openSUSE-SU-2016:2496-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS7.2AI score0.95707EPSS
Exploits8References1
OSV
OSV
added 2016/10/10 4:59 p.m.6 views

CVE-2016-7099

The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate...

5.9CVSS6.4AI score
Exploits0References5
CVE
CVE
added 2016/10/10 4:0 p.m.77 views

CVE-2016-7099

CVE-2016-7099 affects Node.js TLS: tls.checkServerIdentity fails to properly validate certs with wildcards, enabling MITM via crafted X.509 certificates. The issue is fixed in upstream Node.js by updating to versions where wildcard handling is corrected (0.10.47, 0.12.16, 4.6.0, 6.7.0) and is ech...

5.9CVSS6AI score0.02841EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2016/10/10 4:0 p.m.28 views

CVE-2016-7099

The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate...

5.9CVSS6.2AI score0.02841EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2016/09/28 6:47 a.m.31 views

CVE-2016-7099

The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate...

7.4CVSS5AI score0.02841EPSS
Exploits0References2
Node JS Blog
Node JS Blog
added 2016/09/23 12:0 a.m.44 views

Security updates for all active release lines, September 2016

Security updates for all active release lines, September 2016 Update 27-September-2016 Releases available Updates are now available for all active Node.js release lines. These include the recently published versions of OpenSSL 1.0.1 and 1.0.2 as well as fixes for some Node.js-specific...

9.8CVSS8.7AI score0.95707EPSS
Exploits8
Rows per page
Query Builder