55 matches found
MiracleLinux 7 : rh-nodejs12-nodejs-12.18.2-1.el7 (AXSA:2020-219:03)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-219:03 advisory. ICU: Integer overflow in UnicodeString::doAppend CVE-2020-10531 nghttp2: overly large SETTINGS frames can lead to DoS CVE-2020-11080 nodejs-minimist:...
CVE-2025-8172 itsourcecode Employee Management System index.php SQL injection
A vulnerability, which was classified as critical, was found in itsourcecode Employee Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to SQL injection. It is possible to launch the attack remotely. The exploit ha...
CVE-2025-8172
CVE-2025-8172 affects itsourcecode Employee Management System 1.0. The vulnerability is a SQL injection in an unknown function of the file /admin/index.php triggered by manipulating the Username parameter. It is exploitable remotely, and the exploit has been publicly disclosed. Multiple sources i...
CVE-2019-8172
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure...
CVE-2024-8172
creationtimestamp | type | source
---|---|---
2024-08-26 18:49:26+00:00 | seen | https://t.me/cvedetector/4167...
CVE-2024-8172 SourceCodester QR Code Attendance System delete-student.php cross-site scripting
A vulnerability, which was classified as problematic, has been found in SourceCodester QR Code Attendance System 1.0. This issue affects some unknown processing of the file /endpoint/delete-student.php. The manipulation of the argument student/attendance leads to cross-site scripting. The attack...
Rocky Linux 8 : nodejs:12 (RLSA-2020:2852)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:2852 advisory. - In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a...
BELL-CVE-2020-8172 CVE-2020-8172 does not affect BellSoft software
Bulletin has no description...
RHEL 7 : rh-nodejs12-nodejs (RHSA-2020:2895)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2895 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Hitachi Energy Gateway Station (GWS) Product
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Gateway Station GWS Product Vulnerability: Inconsistent Interpretation of HTTP Requests, Use After Free, Classic Buffer Overflow, Integer Underflow, Improper Certificate...
Security Bulletin: IBM DataPower Monitor is potentially vulnerable to an authentication bypass (CVE-2020-8172)
Summary IBM has addressed the relevant CVE CVE-2020-8172 Vulnerability Details CVEID: CVE-2020-8172 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions. The 'session' event could be emitted before the 'secureConnect' event and possibly allow for the reuse of the TLS...
CVE-2016-8172
CVE-2016-8172 is rejected/not used; not an active vulnerability entry.
Security Bulletin: App Connect Enterprise Certified Container is affected by multiple Node.js vulnerabilities
Summary App Connect Enterprise Certified Container is vulnerable to CVE-2020-10531, CVE-2020-11080, CVE-2020-8174, CVE-2020-8172 in Node.js Vulnerability Details CVEID: CVE-2020-11080 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an error in the HTTP/2 session frame which i...
Security Bulletin: Netcool Operations Insight - Cloud Native Event Analytics is affected by an International Components for Unicode (ICU) for C/C++ vulnerability (CVE-2020-10531)
Summary Netcool Operations Insight - Cloud Native Event Analytics has addressed the following vulnerability in International Components for Unicode ICU for C/C++ Vulnerability Details CVEID: CVE-2020-11080 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an error in the HTTP/2...
Oracle Linux 8 : nodejs:12 (ELSA-2020-2852)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-2852 advisory. - Fix CVE-2020-10531 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...
Security Bulletin: Version 10.19.0 of Node.js included in IBM Netcool Operations Insight 1.6.0.x has several security vulnerabilities
Summary Security Bulletin: Version 10.19.0 of Node.js included in IBM Netcool Operations Insight 1.6.0.x has several security vulnerabilities Vulnerability Details CVEID: CVE-2020-8172 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions. The 'session' event could be...
Security Bulletin: Vulnerabilities in Node.js affect IBM Spectrum Protect Plus (CVE-2020-10531, CVE-2020-8172, CVE-2020-8174, CVE-2020-11080)
Summary Node.js is vulnerable to buffer overflows, bypass of security restrictions, and denial of service which may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2020-10531 DESCRIPTION: International Components for Unicode ICU for C/C++ is vulnerable to a heap-based buffer...