59 matches found
CVE-2021-22931 affecting package python-gevent for versions less than 21.1.2-3
CVE-2021-22931 affecting package python-gevent for versions less than 21.1.2-3. A patched version of the package is available...
CentOS 9 : nodejs-16.16.0-1.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the nodejs-16.16.0-1.el9 build changelog. - Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs...
K53225395: Node.js vulnerabilities CVE-2021-3672 and CVE-2021-22931
Security Advisory Description CVE-2021-3672 Missing input validation of host names returned by Domain Name Servers DNS in the c-ares library can lead to output of wrong hostnames which may lead to Domain Hijacking. CVE-2021-22931 Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote...
Security Bulletin: IBM has announced a release for IBM Security Verify Governance in response to a security vulnerability (CVE-2021-22931)
Summary IBM has announced a release for IBM Security Verify Governance ISVG in response to security vulnerability. The vulnerability is caused by Node.js being vulnerable to Domain Hijacking and and injection vulnerabilities due to missing input validation of host names returned by Domain Name...
Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Data Synchronization App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-27290 DESCRIPTION: Node.js ssri...
CVE-2021-22931 affecting package nodejs for versions less than 16.14.0-1
CVE-2021-22931 affecting package nodejs for versions less than 16.14.0-1. An upgraded version of the package is available that resolves this issue...
Rocky Linux 8 : nodejs:14 (RLSA-2021:3666)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:3666 advisory. - Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host...
Mageia: Security Advisory (MGASA-2021-0463)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Vulnerabilities fixed in Oracle PeopleSoft
Oracle has fixed vulnerabilities in the following products: PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise CS SA Integration Pack The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting XSS...
Security Bulletin: IBM Event Streams UI affected by multiple node package vulnerabilities
Summary IBM Event Streams UI affected by multiple node package vulnerabilities Vulnerability Details CVEID: CVE-2021-22940 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by an incomplete fix for CVE-2021-22930 related to a use-after-free on close http2 ...
Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Services
Summary A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Services. Vulnerability Details CVEID: CVE-2021-22931 DESCRIPTION: Node.js could provide weaker than expected security, caused by missing input validation on hostnames...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Node.js
Summary Multiple vulnerabilities in Node.js that is used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID: CVE-2021-37701 DESCRIPTION: Node.js tar module could allow a local attacker to execute arbitrary code on the system, caused by an arbitrary file...
Security Bulletin: IBM Cloud Pak for Integration is vulnerable to multiple Node.js vulnerabilities
Summary IBM Cloud Pak for Integration is vulnerable to multiple Node.js vulnerabilities with details below Vulnerability Details CVEID: CVE-2021-22931 DESCRIPTION: Node.js could provide weaker than expected security, caused by missing input validation on hostnames returned by DNS servers. An...
Security Bulletin: Multiple security vulnerabilities in Node.js affect IBM Voice Gateway
Summary Security Vulnerabilities in Node.js affect IBM Voice Gateway. Vulnerability Details CVEID: CVE-2021-22930 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by a use-after-free on close http2 on stream canceling. An attacker could exploit this...
Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to domain hijacking due to CVE-2021-22931
Summary IBM App Connect Enterprise Certified Container may be vulnerable to domain hijacking due to CVE-2021-22931. This only affects Node.js runtime processes. Vulnerability Details CVEID: CVE-2021-22931 DESCRIPTION: Node.js could provide weaker than expected security, caused by missing input...
Node.js Multiple Vulnerabilities (August 2021 Security Releases)
The version of Node.js installed on the remote host is prior to 12.22.5 or 14.17.5 or 16.6.2. It is, therefore, affected by multiple vulnerabilities including the following: - A remote command execution vulnerability exists in Node.js due to insufficient validation of untypical characters in doma...
openSUSE 15 Security Update : nodejs14 (openSUSE-SU-2021:1313-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1313-1 advisory. - nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930 - Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to...
Important: Red Hat Security Advisory: nodejs:14 security and bug fix update
An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RLSA-2021:3666 Important: nodejs:14 security and bug fix update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930 nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22940...
nodejs:14 security and bug fix update
nodejs 1:14.17.5-1 - Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, CVE-2021-22940, - CVE-2021-23343, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672 - Resolves RHBZ1847529 make FIPS always available - Resolves: RHBZ1988599, RHBZ1994000, RHBZ1993998, RHBZ1993095 - Resolves: RHBZ1994028,...