Lucene search
K

25 matches found

OSV
OSV
added 2024/03/06 11:4 a.m.27 views

BIT-NODE-2021-44533

Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in...

5.3CVSS6.5AI score0.09358EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2023/04/12 3:4 p.m.3 views

nodejs: Incorrect handling of certificate subject and issuer fields

A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries...

5.3CVSS7.4AI score0.09358EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:3 a.m.2 views

SUSE CVE-2009-2185

The ASN.1 parser pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1parser.c in a strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and b openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service pluto IKE daemon crash...

5CVSS6.9AI score0.02372EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 6:3 a.m.3 views

SUSE CVE-2009-2661

The asn1length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names RDNs, which allows remote attackers to cause a denial of service pluto IKE daemon crash via malformed ASN.1 data...

5CVSS6.8AI score0.01577EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:36 a.m.11 views

SUSE CVE-2021-44533

Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in...

5.9CVSS7AI score0.09358EPSS
Exploits1References11
RedHat Linux
RedHat Linux
added 2022/12/15 4:20 p.m.2 views

nodejs: Incorrect handling of certificate subject and issuer fields

A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries...

5.3CVSS7.4AI score0.09358EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2022/11/15 12:0 a.m.34 views

Oracle Linux 8 : nodejs:14 (ELSA-2022-7830)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7830 advisory. - Record issues fixed in the current version Resolves: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824 Resolves: CVE-2022-0235 - Rebase to...

8.8CVSS7.5AI score0.21514EPSS
Exploits4References6
RedHat Linux
RedHat Linux
added 2022/10/19 10:12 a.m.6 views

nodejs: Incorrect handling of certificate subject and issuer fields

A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries...

5.3CVSS7.4AI score0.09358EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/07/19 9:7 p.m.3 views

nodejs: Incorrect handling of certificate subject and issuer fields

A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries...

5.3CVSS7.4AI score0.09358EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2022/06/28 12:0 a.m.46 views

Debian DSA-5170-1 : nodejs - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5170 advisory. - The parser in accepts requests with a space SP right after the header name before the colon. This can lead to HTTP Request Smuggling HRS in llhttp v2.1.4 and...

8.2CVSS6.6AI score0.21514EPSS
Exploits4References15
RedHat Linux
RedHat Linux
added 2022/06/06 9:29 a.m.2 views

nodejs: Incorrect handling of certificate subject and issuer fields

A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries...

5.3CVSS7.4AI score0.09358EPSS
Exploits1References5
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/22 8:57 p.m.43 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Node.js (CVE-2021-44532, CVE-2021-44533, CVE-2022-21824)

Summary Security Vulnerabilities affect IBM Cloud Private - Node.js Vulnerability Details CVEID:CVE-2021-44532 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by a string injection vulnerability when name constraints were used within a certificate chain...

8.2CVSS6.7AI score0.21514EPSS
Exploits2Affected Software1
Microsoft CVE
Microsoft CVE
added 2022/03/05 8:0 a.m.6 views

Node.js < 12.22.9 < 14.18.3 < 16.13.2 and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name for example in order to inject a Common Name that would allow bypassing the certificate subject verification.Affected versions of Node.js that do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable.

...

5.3CVSS6.7AI score0.09358EPSS
Exploits1
OSV
OSV
added 2022/02/24 7:15 p.m.33 views

CVE-2021-44533

Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in...

5.3CVSS3.6AI score
Exploits0References6
NVD
NVD
added 2022/02/24 7:15 p.m.19 views

CVE-2021-44533

Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in...

5.3CVSS0.09358EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2022/02/24 7:15 p.m.58 views

CVE-2021-44533

Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in...

5.3CVSS6.7AI score0.09358EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/02/24 6:27 p.m.31 views

CVE-2021-44533

Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in...

6.7AI score0.09358EPSS
Exploits1References6
Mageia
Mageia
added 2022/02/22 8:15 p.m.68 views

Updated nodejs packages fix security vulnerability

Improper handling of URI Subject Alternative Names Medium. Accepting arbitrary Subject Alternative Name SAN types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js was accepting URI SAN types, which PKIs are often n...

8.2CVSS2AI score0.21514EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2020/01/24 12:0 a.m.12 views

PT-2022-1546 · Node.Js +7 · Node.Js +7

Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 12.22.9 Node.js versions prior to 14.18.3 Node.js versions prior to 16.13.2 Node.js versions prior to 17.3.1 Description: The issue is related to errors in the certificate authentication procedure, specifically with...

10CVSS6.5AI score0.87816EPSS
Exploits77References752
OpenVAS
OpenVAS
added 2009/08/06 12:0 a.m.20 views

strongSwan Denial Of Service Vulnerability - Aug09

This host has strongSwan and is prone to Denial of Service Vulnerability. OpenVAS Vulnerability Test $Id: gbstrongswandosvulnaug09.nasl 4869 2016-12-29 11:01:45Z teissa $ strongSwan Denial Of Service Vulnerability - Aug09 Authors: Antu Sanadi Copyright: Copyright c 2009 Greenbone Networks GmbH,...

5CVSS0.1AI score0.01577EPSS
Exploits0References2
Rows per page
Query Builder