136 matches found
MGASA-2021-0069 Updated nodejs packages fix security vulnerabilities
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method...
Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Node.js.(CVE-2020-8201 CVE-2020-8251 CVE-2020-8252 )
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-8201 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this...
Elastic Kibana < 6.8.7, 7.x < 7.6.1 Multiple Vulnerabilities in Node.js (ESA-2020-01) - Linux
Kibana is prone to multiple vulnerabilities in the shipped third-party Node.js component. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Security Bulletin: IBM Cloud Transformation Advisor is affected by multiple Node.js vulnerabilities.
Summary IBM Cloud Transformation Advisor has addressed the following vulnerabilities: CVE-2020-8251, CVE-2020-8201, CVE-2020-8252 Vulnerability Details CVEID: CVE-2020-8251 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by delayed unfinished HTTP/1.1 requests submission. An...
Security Bulletin: App Connect Enterprise Certified Container is affected by multiple Node.js vulnerabilities
Summary App Connect Enterprise Certified Container is vulnerable to CVE-2020-10531, CVE-2020-11080, CVE-2020-8174, CVE-2020-8172 in Node.js Vulnerability Details CVEID: CVE-2020-11080 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an error in the HTTP/2 session frame which i...
Security Bulletin: Public disclosed vulnerabilities from Node.js affect IBM Spectrum LSF Explorer, IBM Spectrum LSF Suite, and IBM Spectrum LSF Suite for HPA
Summary Public disclosed vulnerabilities from Node.js affect IBM Spectrum LSF Explorer, IBM Spectrum LSF Suite, and IBM Spectrum LSF Suite for HPA. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...
Security Bulletin: IBM Cloud Transformation Advisor is affected by multiple Node.js vulnerabilities.
Summary IBM Cloud Transformation Advisor has addressed multiple Node.js vulnerabilities. Vulnerability Details CVEID: CVE-2020-11080 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an error in the HTTP/2 session frame which is limited to 32 settings by default. By sending...
Security Bulletin: IBM Cloud Pak for Integration is affected by multiple Node.js vulnerabilities
Summary IBM Cloud Pak for Integration is vulnerable to Node.js CVE-2020-8172, CVE-2020-8174, and CVE-2020-11080, with details of each below. Vulnerability Details CVEID: CVE-2020-8172 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions. The 'session' event could be...
Security Bulletin: IBM Event Streams is affected by multiple Node.js vulnerabilities
Summary IBM Event Streams is affected by the following vulnerabilities in the included Node.js runtime shipped. Vulnerability Details CVEID: CVE-2019-15606 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by an issue when HTTP header values do not have...
Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerabilities
Summary IBM Cloud Transformation Advisor has addressed the following vulnerabilities in Node.js CVE-2019-9511, CVE-2019-9516, CVE-2019-9512, CVE-2019-9517, CVE-2019-9518, CVE-2019-9515, CVE-2019-9513, CVE-2019-9514 Vulnerability Details CVEID: CVE-2019-9511 DESCRIPTION: Some HTTP/2 implementation...
Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js for IBM Cloud. IBM SDK for Node.js for IBM Cloud has addressed the applicable CVEs. Node.js vulnerabilities were disclosed by the Node.js foundation. Node.js is used by IBM SDK for Node.j...
Security Bulletin: Multiple vulnerabilities were identified in Node.js that affect IBM Cloud App Management V2018
Summary Multiple vulnerabilities were identified in Node.js that affected IBM Cloud App Management V2018. The product was updated to use a later version of Node.js to address these security vulnerabilities. Vulnerability Details CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is vulnerable to a denial ...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK for Node.js™
Summary Node.js vulnerabilities in Node.js and the V8 Javascript engine were disclosed on October 18 2016, by the Node.js Foundation. IBM SDK for Node.js has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-5180 DESCRIPTION: The V8 Javascript engine, as used in Google Chrome O...
Security Bulletin: Multiple vulnerabilities in Node.js affects IBM API Connect (CVE-2016-7099, CVE-2016-5325)
Summary IBM API Connect is affected by three vulnerabilities in Node.js CVE-2016-7099, CVE-2016-5325 and one for which a CVE ID was not assigned. These vulnerabilities are now fixed. Vulnerability Details CVEID: CVE-2016-7099 DESCRIPTION: Node.js could allow a remote attacker to bypass security...
MGASA-2016-0080 Updated nodejs packages fix security vulnerability
A request smuggling vulnerability was found in Node.js that can be exploited under certain unspecified circumstances (CVE-2016-2086). It was reported that HTTP header parsing in Node.js is vulnerable to response splitting attacks. While Node.js has been protecting against response splitting attacks...
CVE-2012-2330
The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string...