16 matches found
Mageia: Security Advisory (MGASA-2019-0277)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:0658-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:0818-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-5739
Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of Service DoS attack...
Security Bulletin: Node.js as used in IBM QRadar Packet Capture is vulnerable to the following CVE's (CVE-2019-1559, CVE-2019-5737, CVE-2019-5739)
Summary Node.js as used in IBM QRadar Packet Capture is susceptible to the following vulnerabilities Vulnerability Details CVEID: CVE-2019-1559 Description: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after t...
Security Bulletin: Multiple Security Vulnerabilities affect IBM Cloud Private (CVE-2019-5739 CVE-2019-5737 CVE-2019-1559)
Summary IBM Cloud Private is vulnerable to multiple security vulnerabilities in Node.js Vulnerability Details CVEID: CVE-2019-1559 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts...
Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js for IBM Cloud. IBM SDK for Node.js for IBM Cloud has addressed the applicable CVEs. Node.js vulnerabilities were disclosed by the Node.js foundation. Node.js is used by IBM SDK for Node.j...
openSUSE Security Update : nodejs6 (openSUSE-2019-1173)
This update for nodejs6 to version 6.17.0 fixes the following issues : Security issues fixed : - CVE-2019-5739: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active bsc1127533. - CVE-2019-5737: Fixed a potentially attack vector which could...
openSUSE: Security Advisory for nodejs6 (openSUSE-SU-2019:1173-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for nodejs6 (moderate)
openSUSE Security Update: Security update for nodejs6 Announcement ID: openSUSE-SU-2019:1173-1 Rating: moderate References: 1127080 1127532 1127533 Cross-References: CVE-2019-1559 CVE-2019-5737 CVE-2019-5739 Affected Products: openSUSE Leap 42.3 An update that fixes three vulnerabilities is now...
Security Bulletin: Multiple security vulnerabilities in Node.js affect IBM Voice Gateway
Summary Security Vulnerabilities in Node.js affect IBM Voice Gateway. Vulnerability Details CVEID: CVE-2019-5737 DESCRIPTION: Node.js is vulnerable to a denial of service. By establishing an HTTP or HTTPS connection in keep-alive mode and sending headers very slowly to force the connection and...
SUSE SLES12 Security Update : nodejs6 (SUSE-SU-2019:0818-1)
This update for nodejs6 to version 6.17.0 fixes the following issues : Security issues fixed : CVE-2019-5739: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active bsc1127533. CVE-2019-5737: Fixed a potentially attack vector which could lead ...
openSUSE Security Update : nodejs4 (openSUSE-2019-1076)
This update for nodejs4 fixes the following issues : Security issues fixed : - CVE-2019-5739: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active bsc1127533. - CVE-2019-5737: Fixed a potentially attack vector which could lead to Denial of...
CVE-2019-5739
CVE-2019-5739 describes a denial-of-service vulnerability in Node.js keep-alive handling where HTTP/HTTPS connections could stay open up to 2 minutes on affected versions (Node.js ≤6.16.0). The issue is mitigated by Node.js 6.17.0+ introducing server.keepAliveTimeout (default 5 seconds); Node.js ...
Security update for nodejs4 (moderate)
openSUSE Security Update: Security update for nodejs4 Announcement ID: openSUSE-SU-2019:1076-1 Rating: moderate References: 1127080 1127532 1127533 Cross-References: CVE-2019-1559 CVE-2019-5737 CVE-2019-5739 Affected Products: openSUSE Leap 42.3 An update that fixes three vulnerabilities is now...
SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2019:0658-1)
This update for nodejs4 fixes the following issues : Security issues fixed : CVE-2019-5739: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active bsc1127533. CVE-2019-5737: Fixed a potentially attack vector which could lead to Denial of Servi...