24 matches found
OESA-2026-1951 nodejs security update
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...
EUVD-2026-17174
A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior...
ALPINE-CVE-2026-21713
A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior...
UBUNTU-CVE-2026-21713
A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior...
Node.js Security Vulnerability
Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. Versions 20.x, 22.x, 24.x, and 25.x of Node.js have security vulnerabilities. These vulnerabilities stem from HMAC verification using a comparison that does not maintain constant time, whi...
Ivanti Secure Access 22.x Multiple Vulnerabilities
The Ivanti Secure Access installed on the remote host is 22.x. It is, therefore, affected by multiple vulnerabilities: - A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as SYSTEM. CVE-2023-38042 - A local privilege...
Ivanti Connect Secure 9.1Rx < 9.1R18.9 / 22.x < 22.7R2.1 RCE
The Ivanti Connect Secure installed on the remote host is 9.1Rx prior to 9.1R18.9, 22.x prior to 22.7R2.1. It is, therefore, affected by a remote code execution vulnerability due to improper input validation in the admin portal. Note that Nessus has not tested for this issue but has instead relie...
Ivanti Policy Secure 22.x < 22.7R1.1 RCE
The Ivanti Policy Secure installed on the remote host is prior to 22.7R1.1. It is, therefore, affected by a remote code execution vulnerability due to improper input validation in the admin portal. Note that Nessus has not tested for this issue but has instead relied only on the application's...
OpenStack Ironic Security Vulnerability
OpenStack Ironic is an integrated OpenStack program open-sourced by OpenStack. It is used to configure bare metal rather than virtual machines. A security vulnerability exists in OpenStack Ironic that stems from a lack of checksum validation of the provided imagesource URL. The following versions...
PT-2024-25529 · Cosy+ · Cosy+
Name of the Vulnerable Software and Affected Versions: Cosy+ devices versions 21.x through 21.2s9 Cosy+ devices versions 22.x through 22.1s2 Description: The issue concerns insecure permissions in Cosy+ devices, which can lead to information leakage through cookies. This problem is resolved in...
PT-2024-25531 · Cosy+ · Cosy+
Name of the Vulnerable Software and Affected Versions: Cosy+ devices versions 21.x below 21.2s10 Cosy+ devices versions 22.x below 22.1s3 Description: The issue is related to insecure permissions, where several processes are executed with elevated privileges. This is an example of Execution with...
PT-2024-25532 · Cosy+ · Cosy+
Name of the Vulnerable Software and Affected Versions: Cosy+ devices versions 21.x below 21.2s10 Cosy+ devices versions 22.x below 22.1s3 Description: The issue concerns the use of a unique key for encrypting configuration parameters in Cosy+ devices. This key is not unique per device in affected...
CVE-2024-33892
Cosy+ devices running firmware 21.x below 21.2s10 or firmware 22.x below 22.1s3 have an insecure permissions vulnerability that makes them susceptible to leaking information through cookies. This is fixed in versions 21.2s10 and 22.1s3...
Fedoraproject Fedora SEoL (22.x)
According to its version, Fedoraproject Fedora is 22.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. ...
CVE-2024-3802
This CVE entry is rejected/not used and does not represent an active vulnerability entry.
Ivanti Connect Secure 9.x / 22.x Multiple Vulnerabilities (CVE-2024-21894)
The Ivanti Connect Secure installed on the remote host is 9.x or 22.x. It is, therefore, affected by multiple vulnerabilities: - A heap overflow vulnerability in IPSec component of Ivanti Connect Secure 9.x, 22.x and Ivanti Policy Secure allows an unauthenticated malicious user to send specially...
Ivanti Connect Secure Unauthenticated Remote Code Execution
This module chains a server-side request forgery (SSRF) vulnerability (CVE-2024-21893) and a command injection vulnerability (CVE-2024-21887) to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All currently supporte...
Ivanti Connect Secure 9.x / 22.x SSRF-RCE Chain (CVE-2024-21893)
Binary data ivanticsssrfrceCVE-2024-21893.nbin...
Ivanti Connect Secure 9.x / 22.x Command Injection Vulnerability (CVE-2024-21887)
Binary data ivanticsCVE-2024-21887.nbin...
CVE-2017-14328
Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to trigger a buffer overflow leading to a reboot...