233 matches found
Debian dla-4471 : debian-security-support - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4471 advisory. Debian LTS Advisory DLA-4471-1 https://www.debian.org/lts/security/...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-66030, CVE-2025-66031
Summary IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-66030, CVE-2025-66031. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-66030 DESCRIPTION: Forge also called...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-12816
Summary IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-12816. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-12816 DESCRIPTION: An interpretation-conflict (CWE-436)...
Security Bulletin: IBM Maximo Application Suite uses node-forge-1.3.1.tgz, aiohttp-3.13.2-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl and WebSphere Application Server v.25.0.0.10 which is vulnerable to multiple CVEs.
Summary IBM Maximo Application Suite uses node-forge-1.3.1.tgz, aiohttp-3.13.2-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl and WebSphere Application Server v.25.0.0.10 which is vulnerable to CVE-2025-12816, CVE-2025-69223, CVE-2025-69224, CVE-2025, CVE-2025-66030,...
K000159607: Node-forge vulnerability CVE-2025-12816
Security Advisory Description An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic...
SUSE CVE-2025-12816
An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions...
Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to denial of service and loss of integrity [CVE-2025-12816, CVE-2025-66030, CVE-2025-66031]
Summary Node.js module node-forge is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands are vulnerable to denial of service and loss of integrity. This bulletin provides patch information to...
Important: Red Hat Security Advisory: Kiali 2.17.2 for Red Hat OpenShift Service Mesh 3.2
Kiali 2.17.2 for Red Hat OpenShift Service Mesh 3.2 Kiali 2.17.2, for Red Hat OpenShift Service Mesh 3.2, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently. Security Fixes:...
Important: Red Hat Security Advisory: Kiali 2.11.5 for Red Hat OpenShift Service Mesh 3.1
Kiali 2.11.5 for Red Hat OpenShift Service Mesh 3.1 This update has a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Kiali 2.11.5, for Red...
Important: Red Hat Security Advisory: Kiali 2.4.11 for Red Hat OpenShift Service Mesh 3.0
Kiali 2.4.11 for Red Hat OpenShift Service Mesh 3.0 Kiali 2.4.11, for Red Hat OpenShift Service Mesh 3.0, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently. Security Fixes:...
CVE-2025-66030
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be...
CVE-2025-12816
A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence. Mitigation...
CVE-2025-66031
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This...
Security Bulletin: Security Vulnerabilities in node.js packages affect IBM Voice Gateway
Summary Security Vulnerabilities in node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-12816 DESCRIPTION: An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attacke...
Linux Distros Unpatched Vulnerability : CVE-2025-66031
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge version...
Linux Distros Unpatched Vulnerability : CVE-2025-66030
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3....
Linux Distros Unpatched Vulnerability : CVE-2025-12816
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to...
node-forge ASN.1 Unbounded Recursion
...
node-forge ASN.1 OID Integer Truncation
...
CVE-2025-66030
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be...