
33 matches found

IBM Security Bulletins
added 2024/02/06 6:24 p.m., 11 views

Security Bulletin: There are multiple vulnerabilities in IBM Db2 bundled with IBM Operations Analytics Predictive Insights

Summary: IBM Operations Analytics Predictive Insights is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details: Refer to the...

7.8 AI score
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2024/01/16 12:0 a.m., 37 views

GLSA-202401-23 : libuv: Buffer Overread

The remote host is affected by the vulnerability described in GLSA-202401-23 (libuv: Buffer Overread) - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether...

5.3 CVSS, 7.1 AI score, 0.23132 EPSS
Exploits: 1, References: 3
Debian
added 2023/04/01 8:16 p.m., 39 views

[SECURITY] [DLA 3380-1] firmware-nonfree LTS new upstream version (security updates and newer firmware for Linux 5.10)

Debian LTS Advisory DLA-3380-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost April 01, 2023 https://wiki.debian.org/LTS Package : firmware-nonfree Version : 20190114+really20220913-0+deb10u1 CVE ID : CVE-2020-12362 CVE-2020-12363 CVE-2020-12364 CVE-2020-24586...

7.8 CVSS, 7 AI score, 0.05765 EPSS
Exploits: 4
Tenable Nessus
added 2022/02/09 12:0 a.m., 28 views

AlmaLinux 8 : libuv (ALSA-2021:3075)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:3075 advisory. - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and...

5.3 CVSS, 7.1 AI score, 0.23132 EPSS
Exploits: 1, References: 2
Tenable Nessus
added 2021/08/11 12:0 a.m., 33 views

CentOS 8 : nodejs:12 (CESA-2021:3073)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3073 advisory. - libuv: out-of-bounds read in uv__idna_toascii() can lead to information disclosures or crashes (CVE-2021-22918) - nodejs-hosted-git-info: Regular Expression...

7.5 CVSS, 6.9 AI score, 0.23132 EPSS
Exploits: 3, References: 4
RedHat Linux
added 2021/08/10 4:37 p.m., 61 views

Moderate: Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

7.5 CVSS, 6.7 AI score, 0.23132 EPSS
Exploits: 3, References: 4
RedHat Linux
added 2021/08/10 4:35 p.m., 399 views

Low: Red Hat Security Advisory: libuv security update

An update for libuv is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

5.3 CVSS, 6.7 AI score, 0.23132 EPSS
Exploits: 1, References: 2
OSV
added 2021/08/10 12:0 p.m., 20 views

ALSA-2021:3075 Low: libuv security update

libuv is a multi-platform support library with a focus on asynchronous I/O. Security Fixes: libuv: out-of-bounds read in uv__idna_toascii() can lead to information disclosures or crashes (CVE-2021-22918). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

5.3 CVSS, 6.8 AI score, 0.23132 EPSS
Exploits: 1, References: 2
AlmaLinux
added 2021/08/10 12:0 p.m., 44 views

Low: libuv security update

libuv is a multi-platform support library with a focus on asynchronous I/O. Security Fixes: libuv: out-of-bounds read in uv__idna_toascii() can lead to information disclosures or crashes (CVE-2021-22918). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

5.3 CVSS, 1.5 AI score, 0.23132 EPSS
Exploits: 1, References: 2
Tenable Nessus
added 2021/07/28 12:0 a.m., 60 views

RHEL 7 : rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2021:2932)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2932 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

7.5 CVSS, 7.2 AI score, 0.23132 EPSS
Exploits: 3, References: 12
Mageia
added 2021/07/20 10:46 a.m., 43 views

Updated libuv packages fix security vulnerability

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...

5.3 CVSS, 1 AI score, 0.23132 EPSS
Exploits: 1, References: 4
OpenVAS
added 2021/07/14 12:0 a.m., 35 views

Node.js 12.x < 12.22.2, 14.x < 14.17.2, 16.x < 16.4.1 DoS Vulnerability - Mac OS X

Node.js is prone to an out-of-bounds read vulnerability. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you c...

5.3 CVSS, 7.4 AI score, 0.23132 EPSS
Exploits: 1, References: 1
NVD
added 2021/07/12 11:15 a.m., 12 views

CVE-2021-22918

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...

5.3 CVSS, 0.23132 EPSS
Exploits: 1, References: 5
OSV
added 2021/07/12 11:15 a.m., 29 views

CVE-2021-22918

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...

5.3 CVSS, 6.4 AI score
Exploits: 0, References: 5
Prion
added 2021/07/12 11:15 a.m., 18 views

Out-of-bounds

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...

5 CVSS, 6 AI score, 0.23132 EPSS
Exploits: 1, References: 5, Affected Software: 2
Debian CVE
added 2021/07/12 12:0 a.m., 23 views

CVE-2021-22918

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...

5.3 CVSS, 6.8 AI score, 0.23132 EPSS
Exploits: 1
AlpineLinux
added 2021/07/12 12:0 a.m., 39 views

CVE-2021-22918

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...

5.3 CVSS, 6.7 AI score, 0.23132 EPSS
Exploits: 1
Tenable Nessus
added 2020/09/02 12:0 a.m., 56 views

Citrix SD-WAN WANOP 10.2.x Multiple Vulnerabilities (CTX276688)

The remote Citrix SD-WAN WANOP device is version 10.2.x prior to 10.2.7, 11.0.x prior to 11.0.3d, 11.1.x prior to 11.1.1a. It is, therefore, affected by multiple vulnerabilities: - An authorization bypass vulnerability exists in Citrix SD-WAN WANOP devices. An unauthenticated, remote attacker wit...

6.5 CVSS, 7 AI score, 0.88411 EPSS
Exploits: 6, References: 7
Veracode
added 2018/09/14 6:26 a.m., 34 views

Denial Of Service (DoS)

libglusterfs.so is vulnerable to a denial of service (DoS) attack or information disclosures. The library does not restrict the ../ characters from being passed in pathnames, allowing a malicious user to gain access to file statuses or crash the application with a malformed filename...

8.1 CVSS, 8.1 AI score, 0.02771 EPSS
Exploits: 0, References: 9, Affected Software: 7
Veracode
added 2018/04/10 7:38 a.m., 8 views

Information Disclosure

h2o-core is vulnerable to information disclosures. The HTTP response headers contain sensitive information such as server version...

6.4 AI score
Exploits: 0