
136 matches found

OSV
added 2021/02/05 11:54 a.m., 8 views

MGASA-2021-0069 Updated nodejs packages fix security vulnerabilities

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method...

CVSS 8.1 | AI score 7 | EPSS 0.16296
Exploits 3 | References 6

IBM Security Bulletins
added 2021/02/02 1:55 p.m., 33 views

Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Node.js.(CVE-2020-8201 CVE-2020-8251 CVE-2020-8252 )

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-8201 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this...

CVSS 7.8 | AI score 1.1 | EPSS 0.08794
Exploits 0 | Affected Software 1

OpenVAS
added 2021/01/19 12:0 a.m., 43 views

Elastic Kibana < 6.8.7, 7.x < 7.6.1 Multiple Vulnerabilities in Node.js (ESA-2020-01) - Linux

Kibana is prone to multiple vulnerabilities in the shipped 3rdparty Node.js component.

CVSS 9.8 | AI score 9.4 | EPSS 0.57132
Exploits 2 | References 2

IBM Security Bulletins
added 2020/12/14 3:16 p.m., 43 views

Security Bulletin: IBM Cloud Transformation Advisor is affected by multiple Node.js vulnerabilities.

Summary IBM Cloud Transformation Advisor has addressed the following vulnerabilities: CVE-2020-8251, CVE-2020-8201, CVE-2020-8252 Vulnerability Details CVEID: CVE-2020-8251 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by delayed unfinished HTTP/1.1 requests submission. An...

CVSS 7.8 | AI score 0.8 | EPSS 0.08794
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2020/09/30 9:28 a.m., 43 views

Security Bulletin: App Connect Enterprise Certified Container is affected by multiple Node.js vulnerabilities

Summary App Connect Enterprise Certified Container is vulnerable to CVE-2020-10531, CVE-2020-11080, CVE-2020-8174, CVE-2020-8172 in Node.js Vulnerability Details CVEID: CVE-2020-11080 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an error in the HTTP/2 session frame which i...

CVSS 9.3 | AI score 0.9 | EPSS 0.07646
Exploits 2 | Affected Software 1

IBM Security Bulletins
added 2020/09/24 9:50 a.m., 12 views

Security Bulletin: Public disclosed vulnerabilities from Node.js affect IBM Spectrum LSF Explorer, IBM Spectrum LSF Suite, and IBM Spectrum LSF Suite for HPA

Summary Public disclosed vulnerabilities from Node.js affect IBM Spectrum LSF Explorer, IBM Spectrum LSF Suite, and IBM Spectrum LSF Suite for HPA. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...

AI score 0.4
Exploits 0 | Affected Software 3

IBM Security Bulletins
added 2020/09/15 4:30 p.m., 47 views

Security Bulletin: IBM Cloud Transformation Advisor is affected by multiple Node.js vulnerabilities.

Summary IBM Cloud Transformation Advisor has addressed multiple Node.js vulnerabilities. Vulnerability Details CVEID: CVE-2020-11080 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an error in the HTTP/2 session frame which is limited to 32 settings by default. By sending...

CVSS 9.3 | AI score 1.1 | EPSS 0.07646
Exploits 2 | Affected Software 1

IBM Security Bulletins
added 2020/08/04 9:50 a.m., 40 views

Security Bulletin: IBM Cloud Pak for Integration is affected by multiple Node.js vulnerabilities

Summary IBM Cloud Pak for Integration is vulnerable to Node.js CVE-2020-8172, CVE-2020-8174, and CVE-2020-11080, with details of each below. Vulnerability Details CVEID: CVE-2020-8172 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions. The 'session' event could be...

CVSS 9.3 | AI score 0.7 | EPSS 0.07646
Exploits 2 | Affected Software 5

IBM Security Bulletins
added 2020/06/11 4:18 p.m., 30 views

Security Bulletin: IBM Event Streams is affected by multiple Node.js vulnerabilities

Summary IBM Event Streams is affected by the following vulnerabilities in the included Node.js runtime shipped. Vulnerability Details CVEID: CVE-2019-15606 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by an issue when HTTP header values do not have...

CVSS 9.8 | AI score 1 | EPSS 0.57132
Exploits 2 | Affected Software 1

IBM Security Bulletins
added 2019/12/17 2:40 p.m., 57 views

Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed the following vulnerabilities in Node.js CVE-2019-9511, CVE-2019-9516, CVE-2019-9512, CVE-2019-9517, CVE-2019-9518, CVE-2019-9515, CVE-2019-9513, CVE-2019-9514 Vulnerability Details CVEID: CVE-2019-9511 DESCRIPTION: Some HTTP/2 implementation...

CVSS 7.8 | AI score 0.3 | EPSS 0.87806
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2019/06/06 8:5 p.m., 27 views

Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js for IBM Cloud. IBM SDK for Node.js for IBM Cloud has addressed the applicable CVEs. Node.js vulnerabilities were disclosed by the Node.js foundation. Node.js is used by IBM SDK for Node.j...

CVSS 7.5 | AI score 0.3 | EPSS 0.17139
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2019/02/15 11:35 a.m., 32 views

Security Bulletin: Multiple vulnerabilities were identified in Node.js that affect IBM Cloud App Management V2018

Summary Multiple vulnerabilities were identified in Node.js that affected IBM Cloud App Management V2018. The product was updated to use a later version of Node.js to address these security vulnerabilities. Vulnerability Details CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is vulnerable to a denial ...

CVSS 7.5 | AI score 0.7 | EPSS 0.49268
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/08/09 4:20 a.m., 37 views

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK for Node.js™

Summary Node.js vulnerabilities in Node.js and the V8 Javascript engine were disclosed on October 18 2016, by the Node.js Foundation. IBM SDK for Node.js has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-5180 DESCRIPTION: The V8 Javascript engine, as used in Google Chrome O...

CVSS 9.8 | AI score 0.9 | EPSS 0.08583
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/06/15 7:7 a.m., 33 views

Security Bulletin: Multiple vulnerabilities in Node.js affects IBM API Connect (CVE-2016-7099, CVE-2016-5325)

Summary IBM API Connect is affected by three vulnerabilities in Node.js CVE-2016-7099, CVE-2016-5325 and one for which a CVE ID was not assigned. These vulnerabilities are now fixed. Vulnerability Details CVEID: CVE-2016-7099 DESCRIPTION: Node.js could allow a remote attacker to bypass security...

CVSS 6.1 | AI score 7 | EPSS 0.04093
Exploits 0 | Affected Software 1

OSV
added 2016/02/19 8:40 a.m., 9 views

MGASA-2016-0080 Updated nodejs packages fix security vulnerability

A request smuggling vulnerability was found in Node.js that can be exploited under certain unspecified circumstances (CVE-2016-2086). It was reported that HTTP header parsing in Node.js is vulnerable to response splitting attacks. While Node.js has been protecting against response splitting attacks...

CVSS 7.5 | AI score 7.6 | EPSS 0.07013
Exploits 0 | References 5

OSV
added 2012/08/13 11:55 p.m., 9 views

CVE-2012-2330

The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string...

AI score 6.4
Exploits 0 | References 9