22 matches found
MiracleLinux 7 : rh-nodejs12-nodejs-12.18.2-1.el7 (AXSA:2020-219:03)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-219:03 advisory. ICU: Integer overflow in UnicodeString::doAppend CVE-2020-10531 nghttp2: overly large SETTINGS frames can lead to DoS CVE-2020-11080 nodejs-minimist:...
Rocky Linux 8 : nodejs:12 (RLSA-2020:2852)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:2852 advisory. - In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a...
RHEL 7 : rh-nodejs12-nodejs (RHSA-2020:2895)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2895 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Hitachi Energy Gateway Station (GWS) Product
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Gateway Station GWS Product Vulnerability: Inconsistent Interpretation of HTTP Requests, Use After Free, Classic Buffer Overflow, Integer Underflow, Improper Certificate...
Security Bulletin: IBM DataPower Monitor is potentially vulnerable to an authentication bypass (CVE-2020-8172)
Summary IBM has addressed the relevant CVE CVE-2020-8172 Vulnerability Details CVEID: CVE-2020-8172 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions. The 'session' event could be emitted before the 'secureConnect' event and possibly allow for the reuse of the TLS...
Security Bulletin: App Connect Enterprise Certified Container is affected by multiple Node.js vulnerabilities
Summary App Connect Enterprise Certified Container is vulnerable to CVE-2020-10531, CVE-2020-11080, CVE-2020-8174, CVE-2020-8172 in Node.js Vulnerability Details CVEID: CVE-2020-11080 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an error in the HTTP/2 session frame which i...
Security Bulletin: Netcool Operations Insight - Cloud Native Event Analytics is affected by a International Components for Unicode (ICU) for C/C++ vulnerability (CVE-2020-10531)
Summary Netcool Operations Insight - Cloud Native Event Analytics has addressed the following vulnerability in International Components for Unicode ICU for C/C++ Vulnerability Details CVEID: CVE-2020-11080 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an error in the HTTP/2...
Oracle Linux 8 : nodejs:12 (ELSA-2020-2852)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-2852 advisory. - Fix CVE-2020-10531 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...
Security Bulletin: Version 10.19.0 of Node.js included in IBM Netcool Operations Insight 1.6.0.x has several security vulnerabilities
Summary Security Bulletin: Version 10.19.0 of Node.js included in IBM Netcool Operations Insight 1.6.0.x has several security vulnerabilities Vulnerability Details CVEID: CVE-2020-8172 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions. The 'session' event could be...
Security Bulletin: Vulnerabilities in Node.js affect IBM Spectrum Protect Plus (CVE-2020-10531, CVE-2020-8172, CVE-2020-8174, CVE-2020-11080)
Summary Node.js is vulnerable to buffer overflows, bypass of security restrictions, and denial of service which may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2020-10531 DESCRIPTION: International Components for Unicode ICU for C/C++ is vulnerable to a heap-based buffer...
Important: Red Hat Security Advisory: rh-nodejs12-nodejs security update
An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: nodejs:12 security update
An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: nodejs:12 security update
An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Important: nodejs:12 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 12.18.2. Security Fixes: nghttp2: overly large SETTINGS frames can lead to DoS...
nodejs:12 security update
An update is available for nodejs-nodemon, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a software development platform for...
Security fix for the ALT Linux 9 package node version 14.4.0-alt1
June 19, 2020 Vitaly Lipatov 14.4.0-alt1 - new version 14.4.0 with rpmrb script - set libicu = 6.5 - set libnghttp2 = 1.41.0 - CVE-2020-8172, CVE-2020-11080, CVE-2020-8174...
Security fix for the ALT Linux 10 package node version 14.4.0-alt1
June 19, 2020 Vitaly Lipatov 14.4.0-alt1 - new version 14.4.0 with rpmrb script - set libicu = 6.5 - set libnghttp2 = 1.41.0 - CVE-2020-8172, CVE-2020-11080, CVE-2020-8174...
CVE-2020-8172
A TLS Hostname verification bypass vulnerability exists in NodeJS. This flaw allows an attacker to bypass TLS Hostname verification when a TLS client reuses HTTPS sessions...
CVE-2020-8172
TLS session reuse can lead to host certificate verification bypass in node version 12.18.0 and 14.4.0...
CVE-2020-8172
TLS session reuse can lead to host certificate verification bypass in node version 12.18.0 and 14.4.0...