Vulnerability Name:

CVE-2020-8201

Assigned:2020-09-15
Published:2020-09-15
Updated:2022-05-24
Summary:Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.
CVSS v3 Severity:7.4 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): None
7.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): None
7.4 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): None
CVSS v2 Severity:5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
5.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-444
References:Source: MITRE
Type: CNA
CVE-2020-8201

Source: SUSE
Type: Third Party Advisory
openSUSE-SU-2020:1616

Source: MISC
Type: Permissions Required
https://hackerone.com/reports/922597

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-43d5a372fc

Source: MISC
Type: Vendor Advisory
https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/

Source: GENTOO
Type: Third Party Advisory
GLSA-202101-07

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20201009-0004/

Vulnerable Configuration:Configuration 1:
  • cpe:/a:nodejs:node.js:*:*:*:*:*:*:*:* (Version >= 14.0.0 and < 14.11.0)
  • OR cpe:/a:nodejs:node.js:*:*:*:*:lts:*:*:* (Version >= 12.0.0 and < 12.18.4)

    • Configuration 2:
  • cpe:/o:opensuse:leap:15.2:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2020-8201 (CCN-188591)

    Assigned:2020-09-15
    Published:2020-09-15
    Updated:2021-01-11
    Summary:Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.
    CVSS v3 Severity:7.4 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
    6.4 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): High
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): High
    Integrity (I): High
    Availibility (A): None
    7.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
    6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): High
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): High
    Integrity (I): High
    Availibility (A): None
    7.4 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
    6.4 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): High
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): High
    Integrity (I): High
    Availibility (A): None
    CVSS v2 Severity:5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availibility (A): None
    7.1 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:N)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): High
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availibility (A): None
    Vulnerability Type:CWE-444
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2020-8201

    Source: SUSE
    Type: Third Party Advisory
    openSUSE-SU-2020:1616

    Source: XF
    Type: UNKNOWN
    nodejs-cve20208201-request-smuggling(188591)

    Source: MISC
    Type: Permissions Required
    https://hackerone.com/reports/922597

    Source: FEDORA
    Type: UNKNOWN
    FEDORA-2020-43d5a372fc

    Source: CCN
    Type: Node.js Blog, 2020-09-15
    September 2020 Security Releases

    Source: MISC
    Type: Vendor Advisory
    https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/

    Source: GENTOO
    Type: UNKNOWN
    GLSA-202101-07

    Source: CONFIRM
    Type: UNKNOWN
    https://security.netapp.com/advisory/ntap-20201009-0004/

    Source: CCN
    Type: IBM Security Bulletin 6359901 (Spectrum Control)
    Vulnerabilities in Node.js affect IBM Spectrum Control (CVE-2020-8201, CVE-2020-8252)

    Source: CCN
    Type: IBM Security Bulletin 6364969 (Watson Discovery)
    IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js

    Source: CCN
    Type: IBM Security Bulletin 6367943 (Spectrum Protect Plus)
    Vulnerabilities in jQuery, Spring, Dom4j, MongoDB, Linux Kernel, Targetcli-fb, Jackson, Node.js, and Apache Commons affect IBM Spectrum Protect Plus

    Source: CCN
    Type: IBM Security Bulletin 6373618 (Streams Designer)
    Node.js upgrade for IBM Cloud Pak for Data Streams Flows

    Source: CCN
    Type: IBM Security Bulletin 6373628 (Streams Designer)
    Node.js upgrade for IBM Cloud Pak for Data Streams Flows

    Source: CCN
    Type: IBM Security Bulletin 6379130 (Watson Developer Cloud)
    Potential vulnerability with Node.js

    Source: CCN
    Type: IBM Security Bulletin 6380402 (SDK for Node.js for Bluemix)
    Multiple vulnerabilities affect IBM SDK for Node.js in IBM Cloud

    Source: CCN
    Type: IBM Security Bulletin 6381256 (Business Automation Workflow)
    Multiple vulnerabilities in node.js may affect configuration editor used in IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-8201, CVE-2020-8252, CVE-2020-8251

    Source: CCN
    Type: IBM Security Bulletin 6381846 (Cloud Transformation Advisor)
    IBM Cloud Transformation Advisor is affected by multiple Node.js vulnerabilities.

    Source: CCN
    Type: IBM Security Bulletin 6382230 (App Connect Enterprise Certified Container)
    App Connect Enterprise Certified Container may be vulnerable to buffer overflows, Denial of Service or HTTP request smuggling

    Source: CCN
    Type: IBM Security Bulletin 6382360 (Netcool Operations Insight)
    Netcool Operations Insight - Cloud Native Event Analytics is affected by an Apache Commons Codec vulnerability

    Source: CCN
    Type: IBM Security Bulletin 6382364 (Netcool Operations Insight)
    Netcool Operations Insight - Cloud Native Event Analytics is affected by an Apache Commons Codec vulnerability

    Source: CCN
    Type: IBM Security Bulletin 6382372 (Cloud Pak for Multicloud Management)
    A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Managed Service and Infrastructure Management

    Source: CCN
    Type: IBM Security Bulletin 6382878 (Cloud Pak for Automation)
    Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation

    Source: CCN
    Type: IBM Security Bulletin 6386338 (Cloud Event Management)
    Version 12.18.0 of Node.js included in IBM Netcool Operations Insight 1.6.2.x has several security vulnerabilities

    Source: CCN
    Type: IBM Security Bulletin 6395504 (Event Streams)
    IBM Event Streams is affected by multiple Node.js vulnerabilities

    Source: CCN
    Type: IBM Security Bulletin 6395552 (Netcool Agile Service Manager)
    Vulnerability in Node.js affects IBM Netcool Agile Service Manager

    Source: CCN
    Type: IBM Security Bulletin 6397686 (Cloud Pak for Integration)
    IBM Cloud Pak for Integration is affected by multiple Node.js vulnerabilities

    Source: CCN
    Type: IBM Security Bulletin 6410494 (API Connect)
    IBM API Connect is impacted by multiple vulnerabilities in Node.js.(CVE-2020-8201 CVE-2020-8251 CVE-2020-8252 )

    Source: CCN
    Type: IBM Security Bulletin 6412707 (Planning Analytics)
    IBM Planning Analytics Workspace is affected by security vulnerabilities

    Source: CCN
    Type: IBM Security Bulletin 6417485 (Cloud Private)
    IBM Cloud Private is vulnerable to Node.js vulnerabilities (CVE-2020-8201, CVE-2020-8252, CVE-2020-8251)

    Source: CCN
    Type: IBM Security Bulletin 6437245 (InfoSphere Information Server)
    Multiple vulnerabilities in Node.js affect IBM InfoSphere Information Server

    Source: CCN
    Type: IBM Security Bulletin 6453411 (Cloud Pak for Data)
    Security Vulnerabilities affect IBM Cloud Pak for Data - Node.js

    Source: CCN
    Type: IBM Security Bulletin 6461891 (Cloud Pak for Applications)
    IBM Cloud Pak for Applications 4.3 nodejs and nodejs-express Appsody stacks is vulnerable to information disclosure, buffer overflow and prototype pollution exposures

    Source: CCN
    Type: IBM Security Bulletin 6497219 (QRadar Network Packet Capture)
    Node.js as used by IBM Security QRadar Packet Capture contains multiple vulnerabilities (CVE-2020-8201, CVE-2020-8252, CVE-2020-8251, CVE-2020-8277)

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:nodejs:node.js:10:*:*:*:*:*:*:*
  • OR cpe:/a:nodejs:node.js:12:*:*:*:*:*:*:*
  • OR cpe:/a:nodejs:node.js:14.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:business_process_manager:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sdk:*:*:node.js:*:bluemix:*:*:*
  • OR cpe:/a:ibm:business_process_manager:8.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_network_packet_capture:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:2019.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_discovery:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:api_connect:2018.4.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_developer_cloud:1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_data:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.2.1:cd:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_developer_cloud:1.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:20.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:18.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:19.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:20.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_plus:10.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.2.2:cd:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.3.4:*:standard:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.3.5:*:standard:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.3.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:api_connect:2018.4.1.13:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_data:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:api_connect:10.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:streams_designer:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:streams_designer:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:streams_designer:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_discovery:2.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:2019.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:10.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:api_connect:10.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:planning_analytics:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_applications:4.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:51999
    P
    		Security update for tiff (Important)
    2023-02-10
    oval:org.opensuse.security:def:642
    P
    		Security update for nodejs10 (Moderate) (in QA)
    2022-09-30
    oval:org.opensuse.security:def:641
    P
    		Security update for nodejs12 (Moderate) (in QA)
    2022-09-30
    oval:org.opensuse.security:def:20208201
    V
    		CVE-2020-8201
    2022-09-02
    oval:org.opensuse.security:def:4304
    P
    		Security update for the Linux Kernel (Critical)
    2022-02-10
    oval:org.opensuse.security:def:113037
    P
    		nodejs14-14.17.5-1.2 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:4243
    P
    		Security update for MozillaFirefox (Important) (in QA)
    2022-01-14
    oval:org.opensuse.security:def:67387
    P
    		Security update for libsndfile (Important)
    2022-01-11
    oval:org.opensuse.security:def:4227
    P
    		Security update for flatpak (Important)
    2021-10-20
    oval:org.opensuse.security:def:70837
    P
    		Security update for ffmpeg (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:106478
    P
    		nodejs14-14.17.5-1.2 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:38801
    P
    		Security update for curl (Moderate)
    2021-09-23
    oval:org.opensuse.security:def:4215
    P
    		Security update for ffmpeg (Important)
    2021-09-02
    oval:org.opensuse.security:def:64753
    P
    		Security update for openssl-1_1 (Important)
    2021-08-24
    oval:org.opensuse.security:def:38107
    P
    		Security update for cpio (Important)
    2021-08-23
    oval:org.opensuse.security:def:14168
    P
    		hyper-v-7-13.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14349
    P
    		perl-XML-LibXML-2.0019-5.3 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14102
    P
    		colord-gtk-lang-0.1.26-6.3 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14305
    P
    		libvdpau1-1.1.1-6.73 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14012
    P
    		ppp-2.4.7-1.4 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14187
    P
    		libMagickCore-6_Q16-1-6.8.8.1-70.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14360
    P
    		python-doc-2.7.13-27.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:15011
    P
    		libjavascriptcoregtk-3_0-0-2.4.11-23.20 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14150
    P
    		gnome-shell-3.20.4-76.3 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14034
    P
    		squashfs-4.3-6.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:15033
    P
    		libmysqlclient18-10.0.40.1-2.9.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14280
    P
    		libpython2_7-1_0-2.7.13-27.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14004
    P
    		perl-HTML-Parser-3.71-1.145 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:14373
    P
    		rrdtool-1.4.7-20.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:63102
    P
    		reiserfs-kmp-default-5.3.18-57.3 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:63130
    P
    		python3-keystoneclient-4.0.0-9.4.5 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:63416
    P
    		nodejs12-12.21.0-4.13.2 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:101417
    P
    		nodejs12-12.21.0-4.13.2 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:63417
    P
    		nodejs14-14.16.0-5.9.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:63098
    P
    		openldap2-2.4.46-9.51.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:101418
    P
    		nodejs14-14.16.0-5.9.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:2327
    P
    		nodejs12-12.21.0-4.13.2 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:2328
    P
    		nodejs14-14.16.0-5.9.1 on GA media (Moderate)
    2021-08-10
    oval:org.opensuse.security:def:4142
    P
    		Security update for wireshark (Moderate)
    2021-07-22
    oval:org.opensuse.security:def:51927
    P
    		Security update for the Linux Kernel (Important)
    2021-07-21
    oval:org.opensuse.security:def:4129
    P
    		Security update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly (Important)
    2021-06-01
    oval:org.opensuse.security:def:64509
    P
    		Security update for libX11 (Moderate)
    2021-05-26
    oval:org.opensuse.security:def:4121
    P
    		Security update for librsvg (Important)
    2021-04-28
    oval:org.opensuse.security:def:5023
    P
    		Security update for MozillaFirefox (Important)
    2021-04-27
    oval:org.opensuse.security:def:52033
    P
    		Security update for MozillaFirefox (Important)
    2021-03-31
    oval:org.opensuse.security:def:51736
    P
    		Security update for java-1_8_0-openjdk (Moderate)
    2021-02-19
    oval:org.opensuse.security:def:64646
    P
    		Security update for jasper (Important)
    2021-02-16
    oval:org.opensuse.security:def:64645
    P
    		Security update for wpa_supplicant (Important)
    2021-02-11
    oval:org.opensuse.security:def:38654
    P
    		Security update for MozillaFirefox (Important)
    2021-01-29
    oval:org.opensuse.security:def:4184
    P
    		Security update for MozillaFirefox (Important)
    2021-01-12
    oval:org.opensuse.security:def:70724
    P
    		Security update for MozillaThunderbird (Important)
    2020-12-07
    oval:org.opensuse.security:def:4363
    P
    		Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP5) (Important)
    2020-12-07
    oval:org.opensuse.security:def:63601
    P
    		transfig-3.2.6a-2.86 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:63105
    P
    		python3-keystoneclient-3.15.0-2.33 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:63308
    P
    		uuidd-2.33.1-4.5.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:4349
    P
    		Security update for the Linux Kernel (Important)
    2020-12-02
    oval:org.opensuse.security:def:4356
    P
    		Security update for the Linux Kernel (Important)
    2020-12-02
    oval:org.opensuse.security:def:4324
    P
    		Security update for the Linux Kernel (Live Patch 16 for SLE 15) (Important)
    2020-12-02
    oval:org.opensuse.security:def:4359
    P
    		Security update for the Linux Kernel (Live Patch 18 for SLE 15) (Important)
    2020-12-02
    oval:org.opensuse.security:def:5001
    P
    		Security update for nodejs10 (Critical)
    2020-12-02
    oval:org.opensuse.security:def:67487
    P
    		Security update for nodejs12 (Important)
    2020-12-01
    oval:org.opensuse.security:def:38023
    P
    		perl-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38494
    P
    		sysstat on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:74967
    P
    		Security update for openldap2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:38829
    P
    		xorg-x11 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:51030
    P
    		Security update for cf-cli (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:51840
    P
    		Security update for python (Important)
    2020-12-01
    oval:org.opensuse.security:def:39511
    P
    		Security update for nodejs4 (Important)
    2020-12-01
    oval:org.opensuse.security:def:64180
    P
    		Security update for krb5 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38346
    P
    		libpcsclite1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64913
    P
    		Security update for ncurses (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38762
    P
    		opie on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:50661
    P
    		Security update for openldap2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:75100
    P
    		Security update for nodejs12 (Important)
    2020-12-01
    oval:org.opensuse.security:def:51461
    P
    		Security update for openldap2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:74046
    P
    		Security update for librsvg (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:63804
    P
    		Security update for dhcp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:39553
    P
    		Security update for nodejs12 (Important)
    2020-12-01
    oval:org.opensuse.security:def:53384
    P
    		Security update for postgresql12 (Important)
    2020-12-01
    oval:org.opensuse.security:def:38011
    P
    		openssh on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38873
    P
    		libuuid-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:51193
    P
    		Security update for webkit2gtk3 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:74172
    P
    		Security update for nodejs12 (Important)
    2020-12-01
    oval:org.opensuse.security:def:38012
    P
    		openvpn on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38404
    P
    		libxmltooling6 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:65025
    P
    		Security update for openldap2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:50795
    P
    		Security update for webkit2gtk3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:53454
    P
    		Security update for nodejs12 (Important)
    2020-12-01
    oval:org.opensuse.security:def:50638
    P
    		Security update for gpg2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:52108
    P
    		Security update for mariadb-connector-c (Important)
    2020-12-01
    oval:org.opensuse.security:def:63951
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:38244
    P
    		libQt5WebKit5 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:64855
    P
    		Security update for subversion (Important)
    2020-12-01
    oval:org.opensuse.security:def:38713
    P
    		libpolkit0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:50639
    P
    		Security update for postgresql10 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:51297
    P
    		Security update for ImageMagick (Moderate)
    2020-12-01
    oval:com.redhat.rhsa:def:20204272
    P
    		RHSA-2020:4272: nodejs:12 security and bug fix update (Moderate)
    2020-10-19
    oval:org.opensuse.security:def:110795
    P
    		Security update for nodejs12 (Important)
    2020-10-05
    oval:org.opensuse.security:def:102804
    P
    		Security update for nodejs12 (Important)
    2020-10-01
    oval:org.opensuse.security:def:109470
    P
    		Security update for nodejs12 (Important)
    2020-10-01
    oval:org.opensuse.security:def:118566
    P
    		Security update for nodejs12 (Important)
    2020-10-01
    oval:org.opensuse.security:def:96114
    P
    		Security update for nodejs12 (Important)
    2020-10-01
    BACK
    nodejs node.js *
    nodejs node.js *
    opensuse leap 15.2
    fedoraproject fedora 33
    nodejs node.js 10
    nodejs node.js 12
    nodejs node.js 14.0
    ibm business process manager 8.5
    ibm sdk *
    ibm business process manager 8.6
    ibm infosphere information server 11.7
    ibm spectrum protect plus 10.1.0
    ibm spectrum control 5.3.1
    ibm spectrum control 5.3.2
    ibm spectrum control 5.3.3
    ibm spectrum control 5.3.0.1
    ibm qradar network packet capture 7.3
    ibm event streams 2019.2.1
    ibm watson discovery 2.0.0
    ibm api connect 2018.4.1.0
    ibm watson developer cloud 1.4.0
    ibm cloud pak for data 2.5
    ibm cloud private 3.2.1 cd
    ibm watson developer cloud 1.4.1
    ibm cloud pak for automation 20.0.1
    ibm business automation workflow 18.0
    ibm business automation workflow 19.0
    ibm business automation workflow 20.0
    ibm spectrum protect plus 10.1.6
    ibm cloud private 3.2.2 cd
    ibm spectrum control 5.3.4
    ibm spectrum control 5.3.5
    ibm spectrum control 5.3.6
    ibm spectrum control 5.3.7
    ibm api connect 2018.4.1.13
    ibm app connect enterprise certified container 1.0.0
    ibm app connect enterprise certified container 1.0.1
    ibm app connect enterprise certified container 1.0.2
    ibm app connect enterprise certified container 1.0.3
    ibm cloud pak for data 3.0
    ibm api connect 10.0.0.0
    ibm app connect enterprise certified container 1.0.4
    ibm streams designer 2.5
    ibm streams designer 3.0
    ibm streams designer 3.0.1
    ibm watson discovery 2.1.4
    ibm event streams 2019.4.0
    ibm event streams 10.0
    ibm api connect 10.0.1.0
    ibm planning analytics 2.0
    ibm cloud pak for applications 4.3