Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities

Summary IBM Security Guardium Insights has addressed the following vulnerabilities Vulnerability Details CVEID:CVE-2020-13949 DESCRIPTION: Apache Thrift is vulnerable to a denial of service, caused by improper input validation. By sending specially-crafted messages, a remote attacker could exploi...

Security Bulletin: Vulnerabilities in Node.js in IBM DataPower Gateway

Summary IBM has addressed the following CVEs: CVE-2020-8287, CVE-2020-8265 Vulnerability Details CVEID: CVE-2020-8287 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling. By sending specially crafted HTTP request headers, an attacker could exploit this vulnerability to poison the web...

Security Bulletin: Potential vulnerability with Node.js

Summary A potential vulnerability has been identified related to Node.js. Refer to details for additional information. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERALNAMEcmp function contain...

SUSE: Security Advisory (SUSE-SU-2021:0062-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2021:0068-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2021:0061-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2021:0107-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM Integration Bus & IBM App Connect Enterprise V11 are affected by vulnerabilities in Node.js (CVE-2020-8265)

Summary IBM Integration Bus & IBM App Connect Enterprise V11 ship with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details CVEID: CVE-2020-8265 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by a...

Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to multiple denial of service and HTTP request smuggling vulnerabilities

Summary App Connect Enterprise flows may be susceptible to denial of service attacks due to CVE-2020-1971 and CVE-2020-8265 in the Node.js runtime, and all components may be vulnerable to HTTP request smuggling due to CVE-2020-8287. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL ...

openSUSE: Security Advisory for nodejs14 (openSUSE-SU-2021:0066-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE: Security Advisory for nodejs10 (openSUSE-SU-2021:0065-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE: Security Advisory for nodejs12 (openSUSE-SU-2021:0064-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE: Security Advisory for nodejs10 (openSUSE-SU-2021:0082-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security Bulletin: Multiple vulnerabilities in node.js may affect configuration editor used in IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-1971, CVE-2020-8265, CVE-2020-8287

Summary Security vulnerabilities have been reported for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable t...

Security Bulletin: Multiple security vulnerabilities in Node.js affect IBM Voice Gateway

Summary Security Vulnerabilities in Node.js affect IBM Voice Gateway. Vulnerability Details CVEID: CVE-2020-8265 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by a use-after-free in TLSWrap within the TLS implementation. By writing to a TLS enabled socket, an attacker could...

Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js for IBM Cloud. This product has addressed the applicable CVEs. Node.js Update 4-Jan-2021 and 23-Feb-2021 security releases are available. Vulnerability Details CVEID: CVE-2020-1971...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js. Vulnerability Details CVEID: CVE-2020-8277 DESCRIPTION: Node.js is vulnerable to a denial of service. By getting the application to resolve a DNS record with a larger number of responses, an attacker...

Security fix for the ALT Linux 9 package node version 14.15.4-alt1

Feb. 5, 2021 Vitaly Lipatov 14.15.4-alt1 - new version 14.15.4 with rpmrb script - CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference High - CVE-2020-8265: use-after-free in TLSWrap High - CVE-2020-8287: HTTP Request Smuggling in nodejs Low...

Security fix for the ALT Linux 10 package node version 14.15.4-alt1

Feb. 5, 2021 Vitaly Lipatov 14.15.4-alt1 - new version 14.15.4 with rpmrb script - CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference High - CVE-2020-8265: use-after-free in TLSWrap High - CVE-2020-8287: HTTP Request Smuggling in nodejs Low...

openSUSE Security Update : nodejs12 (openSUSE-2021-64)

This update for nodejs12 fixes the following issues : - New upstream LTS version 12.20.1 : - CVE-2020-8265: use-after-free in TLSWrap High bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap objec...