Download
| Alert*
oval:org.secpod.oval:def:67625
The host is installed with Kibana before 6.8.7 or 7.x before 7.6.1 and is prone to a HTTP request smuggling vulnerability. A flaw is present in the application, which fails to properly handle an issue in malformed HTTP headers. Successful exploitation could allow an attacker to cause HTTP request sm ... oval:org.secpod.oval:def:67547 The host is installed with Node.js 10.0.0 before 10.19.0, 12.0.0 before 12.15.0, 13.0.0 before 13.8.0 and is prone to an improper input validation vulnerability. A flaw is present in the application which fails to handle trailing white space in HTTP header values. Successful exploitation can allow a ... oval:org.secpod.oval:def:1504519 nodejs [1:10.19.0-1] - Rebase to 10.19.0 to fix CVE-2019-15604 to CVE-2019-15606 [1:10.16.3-1] - Rebase to 10.16.3 to fix CVE-2019-9511 to CVE-2019-9518 [1:10.14.1-1] - Resolves: RHBZ#1644207 - fixes node-gyp permissions - rebase [1:10.11.0-2] - BuildRequire nodejs-packaging for proper npm dependenc ... oval:org.secpod.oval:def:64006 Oracle Solaris 11 - ( CVE-2019-15605 ) oval:org.secpod.oval:def:89000221 This update for nodejs8 fixes the following issues: Security issues fixed: - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string . - CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed Transfer-Encoding header . - CVE-2019 ... oval:org.secpod.oval:def:66769 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nodejs: HTTP request smuggling using malformed Transfer-Encoding head ... oval:org.secpod.oval:def:2004627 Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons oval:org.secpod.oval:def:89000175 This update for nodejs10 fixes the following issues: nodejs10 was updated to version 10.19.0. Security issues fixed: - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string . - CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malfo ... oval:org.secpod.oval:def:2105841 Oracle Solaris 11 - ( CVE-2019-15605 ) oval:org.secpod.oval:def:2500152 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:505104 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs12-nodejs . Security Fix: * nodejs: HTTP request smuggling using malformed Transfer-E ... oval:org.secpod.oval:def:504801 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs10-nodejs . Security Fix: * nodejs: HTTP request smuggling using malformed Transfer-E ... oval:org.secpod.oval:def:503539 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nodejs: HTTP request smuggling using malformed Transfer-Encoding head ... oval:org.secpod.oval:def:69485 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nodejs: HTTP request smuggling using malformed Transfer-Encoding head ... oval:org.secpod.oval:def:83396 The host is installed with Node.js 10.0.0 before 10.19.0, 12.0.0 before 12.15.0, 13.0.0 before 13.8.0 and is prone to an improper input validation vulnerability. A flaw is present in the application which fails to handle trailing white space in HTTP header values. Successful exploitation can allow a ... oval:org.secpod.oval:def:2500123 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:1504526 nodejs [1:12.16.1-1] - Resolves: RHBZ#1800393, RHBZ#1800394, RHBZ#1800380 - Rebase to 12.16.1 nodejs-nodemon nodejs-packaging oval:org.secpod.oval:def:604825 Multiple vulnerabilities were discovered in Node.js, which could result in denial of service or HTTP request smuggling. oval:org.secpod.oval:def:63513 Multiple vulnerabilities were discovered in Node.js, which could result in denial of service or HTTP request smuggling. |