13 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-8244
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A buffer over-read vulnerability exists in bl 4.0.3, 3.0.1, 2.2.1, and 1.2.3 which could allow an attacker to supply user input even typed that if it ends up in...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js bl modules denial of service vulnerability( CVE-2020-8244) and GNU Tar buffer overflow vulnerability( CVE-2022-48303)
Summary Potential Node.js bl modules denial of service vulnerability CVE-2020-8244 and GNU Tar buffer overflow vulnerability CVE-2022-48303 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details...
Security Bulletin: Open Source Dependency Vulnerability
Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2020-8244 DESCRIPTION: Node.js bl module could allow a remote attacker to obtain sensitive information, caused by a buffer over-read flaw in the consume function. By sending a specially-crafte...
Ubuntu 18.04 LTS : bl vulnerability (USN-5098-1)
The remote Ubuntu 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5098-1 advisory. It was discovered that bl didn't properly sanitize the inputs. An attacker could use this to leak sensitive information. Tenable has extracted the preceding...
Debian DLA-2698-1 : node-bl - LTS security update
The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-2698 advisory. - A buffer over-read vulnerability exists in bl 4.0.3, 3.0.1, 2.2.1, and 1.2.3 which could allow an attacker to supply user input even typed that if it ends up in consume...
[SECURITY] [DLA 2698-1] node-bl security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2698-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz July 01, 2021 https://wiki.debian.org/LTS -...
Security Bulletin: A security vulnerability in Node.js bl module affects IBM Cloud Automation Manager.
Summary A security vulnerability in Node.js bl module affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2020-8244 DESCRIPTION: Node.js bl module could allow a remote attacker to obtain sensitive information, caused by a buffer over-read flaw in the consume function. By sendin...
Security Bulletin: Version 4.0.2 of Node.js module bl included in IBM Netcool Operations Insight 1.6.1.x has a security vulnerability
Summary Security Bulletin: Version 4.0.2 of Node.js module bl included in IBM Netcool Operations Insight 1.6.1.x has a security vulnerability Vulnerability Details CVEID: CVE-2020-8244 DESCRIPTION: Node.js bl module could allow a remote attacker to obtain sensitive information, caused by a buffer...
Security Bulletin: App Connect Enterprise Certified Container is vulnerable to (CVE-2020-8244)
Summary App Connect Enterprise Certified Container is vulnerable to a Denial of Service attack or an attack for sensitive information CVE-2020-8244 Vulnerability Details CVEID: CVE-2020-8244 DESCRIPTION: Node.js bl module could allow a remote attacker to obtain sensitive information, caused by a...
Remote Memory Exposure
Overview A buffer over-read vulnerability exists in bl 4.0.3, 3.0.1 2.2.1 and 1.2.3 which could allow an attacker to supply user input even typed that if it ends up in consume argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory v...
@cowlick/analyzer (>=0.10.0 <=0.11.0), @cowlick/kag-compiler (>=0.10.0 <=0.11.0) +1 more potentially affected by CVE-2020-8244 via bl (=3.0.0)
bl NPM version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on bl and may be impacted: - @cowlick/analyzer =0.10.0, =0.10.0, =1.0.0, =1.0.3 Source cves: CVE-2020-8244 Source advisory: OSV:GHSA-PP7H-53GX-MX7R...
DEBIAN-CVE-2020-8244
A buffer over-read vulnerability exists in bl 4.0.3, 3.0.1, 2.2.1, and 1.2.3 which could allow an attacker to supply user input even typed that if it ends up in consume argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via...
CVE-2020-8244
A buffer over-read vulnerability exists in bl 4.0.3, 3.0.1, 2.2.1, and 1.2.3 which could allow an attacker to supply user input even typed that if it ends up in consume argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via...