25 matches found
ROOT-OS-UBUNTU-2204-CVE-2024-35948 CVE-2024-35948 in rootio-linux - Patched by Root
Root has patched CVE-2024-35948 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...
ROOT-OS-UBUNTU-2404-CVE-2024-35948 CVE-2024-35948 in rootio-linux - Patched by Root
Root has patched CVE-2024-35948 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...
Linux Distros Unpatched Vulnerability : CVE-2024-35948
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bcachefs: Check for journal entries overruning end of sb clean section Fix a missing bounds check in superblock validation. Note that we don't yet have repair...
CVE-2024-35948
In the Linux kernel, the following vulnerability has been resolved: bcachefs: Check for journal entries overruning end of sb clean section Fix a missing bounds check in superblock validation. Note that we don't yet have repair code for this case - repair code for individual items is generally low...
SUSE: Security Advisory (SUSE-SU-2022:3251-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 Security Update : nodejs16 (SUSE-SU-2022:3251-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3251-1 advisory. - npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag...
SUSE: Security Advisory (SUSE-SU-2022:3250-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for nodejs16 (SUSE-SU-2022:3250-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2022:3196-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3196-1 advisory. - npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag...
SUSE: Security Advisory (SUSE-SU-2022:3196-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to loss of confidentiality due to CVE-2022-35948 and CVE-2022-35949
Summary Node.js module undici is used by IBM App Connect Enterprise Certified Container when testing API endpoints. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use the API testing capability may be vulnerable to loss of confidentiality if made to target an API...
CVE-2022-35948
creationtimestamp| type| source ---|---|--- 2022-08-15 14:37:42+00:00| published-proof-of-concept| https://t.me/cibsecurity/48129 2022-10-10 22:26:42+00:00| seen| https://t.me/ctinow/68259...
CVE-2022-35948
undici is an HTTP/1.1 client, written from scratch for Node.js.= [email protected] users are vulnerable to CRLF Injection on headers when using unsanitized input as request headers, more specifically, inside the content-type header. Example: import request from 'undici' const unsanitizedContentTypeInp...
CVE-2022-35948 CRLF Injection in Nodejs ‘undici’ via Content-Type
undici is an HTTP/1.1 client, written from scratch for Node.js.= [email protected] users are vulnerable to CRLF Injection on headers when using unsanitized input as request headers, more specifically, inside the content-type header. Example: import request from 'undici' const unsanitizedContentTypeInp...
CVE-2022-35948 CRLF Injection in Nodejs ‘undici’ via Content-Type
undici is an HTTP/1.1 client, written from scratch for Node.js.= [email protected] users are vulnerable to CRLF Injection on headers when using unsanitized input as request headers, more specifically, inside the content-type header. Example: import request from 'undici' const unsanitizedContentTypeInp...
Internet Bug Bounty: CVE-2022-35948: CRLF Injection in Nodejs ‘undici’ via Content-Type
undici library should be protects HTTP headers from CRLF injection vulnerabilities. However, CRLF injection exists in the ‘content-type’ header of undici.request api. Impact = [email protected] users are vulnerable to CRLF Injection on headers when using unsanitized input as request headers, more...
CVE-2021-35948
creationtimestamp| type| source ---|---|--- 2021-09-08 00:22:53+00:00| seen| https://t.me/cibsecurity/28394...
CVE-2021-35948
Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie...
CVE-2021-35948
CVE-2021-35948 affects ownCloud Server prior to 10.8.0. The vulnerability is a session-fixation issue where an attacker can force a target client to use a controlled cookie, allowing bypass of password protection on public links. Affected component: ownCloud Server public links/session handling. ...
CVE-2021-35948
Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie...