38 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-5737
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service DoS by...
Rocky Linux 8 : nodejs:10 (RLSA-2019:2925)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2019:2925 advisory. - In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service DoS...
SUSE CVE-2019-5737
In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service DoS by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated...
Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js denial of service vulnerability (CVE-2019-5737)
Summary IBM Cloud Transformation Advisor has addressed the following vulnerability. Node.js denial of service vulnerability CVE-2019-5737 Vulnerability Details CVEID:CVE-2019-5737 DESCRIPTION: Node.js is vulnerable to a denial of service. By establishing an HTTP or HTTPS connection in keep-alive...
Mageia: Security Advisory (MGASA-2019-0277)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-5737 affecting package nodejs 8.11.4-7
CVE-2019-5737 affecting package nodejs 8.11.4-7. An upgraded version of the package is available that resolves this issue...
SUSE: Security Advisory (SUSE-SU-2019:0818-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:0658-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS 8 : nodejs:10 (CESA-2019:2925)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:2925 advisory. - nodejs: Insufficient Slowloris fix causing DoS via server.headersTimeout bypass CVE-2019-5737 - HTTP/2: large amount of data requests leads to denial...
CVE-2019-5737
It was found that the original fix for Slowloris, CVE-2018-12122, was insufficient. It is possible to bypass the server's headersTimeout by sending two specially crafted HTTP requests in the same connection. An attacker could use this flaw to bypass Slowloris protection, resulting in a denial of...
Photon OS 1.0: Nodejs PHSA-2019-1.0-0257
An update of the nodejs package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-1.0-0257. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid13252...
Security Bulletin: Node.js as used in IBM QRadar Packet Capture is vulnerable to the following CVE's (CVE-2019-1559, CVE-2019-5737, CVE-2019-5739)
Summary Node.js as used in IBM QRadar Packet Capture is susceptible to the following vulnerabilities Vulnerability Details CVEID: CVE-2019-1559 Description: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after t...
Security Bulletin: A vulnerability in Node.js affects IBM Cloud App Management V2018
Summary There is a vulnerability in Node.js used by IBM® Cloud App Management V2018. Node.js is vulnerable to a denial of service. By establishing an HTTP or HTTPS connection in keep-alive mode and sending headers very slowly to force the connection and associated resources to stay alive for a lo...
Important: Red Hat Security Advisory: rh-nodejs8-nodejs security update
An update for rh-nodejs8-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Security Bulletin: Multiple Security Vulnerabilities affect IBM Cloud Private (CVE-2019-5739 CVE-2019-5737 CVE-2019-1559)
Summary IBM Cloud Private is vulnerable to multiple security vulnerabilities in Node.js Vulnerability Details CVEID: CVE-2019-1559 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts...
Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js for IBM Cloud. IBM SDK for Node.js for IBM Cloud has addressed the applicable CVEs. Node.js vulnerabilities were disclosed by the Node.js foundation. Node.js is used by IBM SDK for Node.j...
Security Bulletin: IBM API Connect is affected by a denial of service vulnerability in Node.js (CVE-2019-5737)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-5737 DESCRIPTION: Node.js is vulnerable to a denial of service. By establishing an HTTP or HTTPS connection in keep-alive mode and sending headers very slowly to force the connection and...
openSUSE Security Update : nodejs10 (openSUSE-2019-1211)
This update for nodejs10 to version 10.1.2 fixes the following issue: Security issue fixed : - CVE-2019-5737: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active bsc1127532. This update was imported from the SUSE:SLE-12:Update update projec...
openSUSE: Security Advisory for nodejs10 (openSUSE-SU-2019:1211-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : nodejs6 (openSUSE-2019-1173)
This update for nodejs6 to version 6.17.0 fixes the following issues : Security issues fixed : - CVE-2019-5739: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active bsc1127533. - CVE-2019-5737: Fixed a potentially attack vector which could...