ALSA-2024:2910 Important: nodejs security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: CONTINUATION frames DoS CVE-2024-27983 nodejs: using the fetch function to retrieve content from an untrusted URL leads to denial of servi...

Oracle Linux 9 : nodejs:20 (ELSA-2024-2853)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2853 advisory. - Backport nghttp2 patch for CVE-2024-28182 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Not...

EulerOS Virtualization 3.0.6.0 : python-urllib3 (EulerOS-SA-2024-1703)

According to the versions of the python-urllib3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect i.e., a redire...

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service and HTTP request smuggling due to Node.js(CVE-2024-27983 & CVE-2024-27982)

Summary IBM App Connect Enterprise is vulnerable to a denial of service and HTTP request smuggling due to Node.js. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-27983 DESCRIPTION: Node.js is vulnerable to a denial of service, caused ...

AlmaLinux 9 : nodejs:20 (ALSA-2024:2853)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:2853 advisory. c-ares: Out of bounds read in aresreadline CVE-2024-25629 nghttp2: CONTINUATION frames DoS CVE-2024-28182 nodejs: using the fetch function to retrieve...

F5 Networks BIG-IP : The BIG-IP system may fail to block HTTP Request Smuggling attacks (K000132430)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.9 / 16.1.4 / 17.1.0. It is, therefore, affected by a vulnerability as referenced in the K000132430 advisory. The BIG-IP system may fail to block non-RFC-compliant HTTP requests to the pool member, which may lead to an...

CVE-2024-20394

A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to the inability to handle unexpected input. An attacker who has local device access could explo...

CVE-2024-20394

A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to the inability to handle unexpected input. An attacker who has local device access could explo...

CVE-2024-20369

A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator NSO could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of a parameter in an HTTP request. An...

CVE-2024-20369

CVE-2024-20369 affects Cisco Crosswork Network Services Orchestrator (NSO) Web UI. The issue is improper input validation of a parameter in an HTTP request, enabling an unauthenticated, remote attacker to persuade a user to click a crafted link and be redirected to a malicious website. Documented...

Cisco AppDynamics Network Visibility Service Denial of Service Vulnerability

A vulnerability in Cisco AppDynamics Network Visibility Agent could allow an unauthenticated, local attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to the inability to handle unexpected input. An attacker who has local device access could explo...

Cisco Crosswork Network Services Orchestrator Open Redirect Vulnerability

A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator NSO could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of a parameter in an HTTP request. An...

Important: Red Hat Security Advisory: nodejs:20 security update

An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Security Bulletin: Multiple security vulnerabilities in Eclipse Jetty affect IBM Security Directory Integrator

Summary The IBM Security Directory Integrator was vulnerable to multiple security vulnerabilities in the Eclipse Jetty component. This was addressed in version 10 of the IBM Security Directory Integrator. Vulnerability Details CVEID:CVE-2017-9735 DESCRIPTION: Jetty could allow a remote attacker t...

PT-2024-4565 · Cisco · Cisco Appdynamics Network Visibility Agent

Name of the Vulnerable Software and Affected Versions: Cisco AppDynamics Network Visibility Agent affected versions not specified Description: The issue is caused by the inability to handle unexpected input, allowing an unauthenticated, local attacker to cause a denial of service DoS condition on...

RHEL 9 : nodejs:20 (RHSA-2024:2853)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2853 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: Out of bounds read in aresreadline CVE-2024-25629 nghttp2: CONTINUATION frames DoS CVE-2024-28182 nodejs: using the fetch function to...

ALSA-2024:2853 Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: Out of bounds read in aresreadline CVE-2024-25629 nghttp2: CONTINUATION frames DoS CVE-2024-28182 nodejs: using the fetch function to...

K000139615: Node.js vulnerability CVE-2024-27982

Security Advisory Description The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly,...

CVE-2023-45583

The CVE-2023-45583 vulnerability is a use of externally-controlled format string affecting Fortinet FortiProxy, FortiPAM, FortiOS, and FortiSwitchManager across multiple versions (e.g., FortiProxy 7.2.0–7.2.5, 7.0.x, 2.0.x, 1.x; FortiOS 7.x and 6.x; FortiPAM 1.x; FortiSwitchManager 7.x). The unde...