Lucene search
+L

59 matches found

cbl_mariner
cbl_mariner
added 2024/03/14 10:34 p.m.33 views

CVE-2021-22931 affecting package python-gevent for versions less than 21.1.2-3

CVE-2021-22931 affecting package python-gevent for versions less than 21.1.2-3. A patched version of the package is available...

9.8CVSS7.3AI score0.21952EPSS
Exploits1
nessus
nessus
added 2024/02/29 12:0 a.m.21 views

CentOS 9 : nodejs-16.16.0-1.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the nodejs-16.16.0-1.el9 build changelog. - Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs...

9.8CVSS7.1AI score0.81464EPSS
Exploits13References19
f5
f5
added 2023/02/21 6:53 p.m.119 views

K53225395: Node.js vulnerabilities CVE-2021-3672 and CVE-2021-22931

Security Advisory Description CVE-2021-3672 Missing input validation of host names returned by Domain Name Servers DNS in the c-ares library can lead to output of wrong hostnames which may lead to Domain Hijacking. CVE-2021-22931 Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote...

9.8CVSS7.3AI score0.21952EPSS
Exploits2Affected Software14
ibm
ibm
added 2022/08/22 3:24 p.m.55 views

Security Bulletin: IBM has announced a release for IBM Security Verify Governance in response to a security vulnerability (CVE-2021-22931)

Summary IBM has announced a release for IBM Security Verify Governance ISVG in response to security vulnerability. The vulnerability is caused by Node.js being vulnerable to Domain Hijacking and and injection vulnerabilities due to missing input validation of host names returned by Domain Name...

9.8CVSS9.5AI score0.21952EPSS
Exploits1Affected Software1
ibm
ibm
added 2022/05/31 2:57 p.m.53 views

Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Data Synchronization App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-27290 DESCRIPTION: Node.js ssri...

9.8CVSS1.3AI score0.37286EPSS
Exploits16Affected Software1
cbl_mariner
cbl_mariner
added 2022/04/09 6:52 a.m.26 views

CVE-2021-22931 affecting package nodejs for versions less than 16.14.0-1

CVE-2021-22931 affecting package nodejs for versions less than 16.14.0-1. An upgraded version of the package is available that resolves this issue...

9.8CVSS9.8AI score0.21952EPSS
Exploits1
nessus
nessus
added 2022/02/09 12:0 a.m.69 views

Rocky Linux 8 : nodejs:14 (RLSA-2021:3666)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:3666 advisory. - Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host...

9.8CVSS7.2AI score0.37286EPSS
Exploits5References18
openvas
openvas
added 2022/01/28 12:0 a.m.21 views

Mageia: Security Advisory (MGASA-2021-0463)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.7AI score0.21952EPSS
Exploits3References7
ncsc
ncsc
added 2022/01/19 12:0 a.m.6 views

Vulnerabilities fixed in Oracle PeopleSoft

Oracle has fixed vulnerabilities in the following products: PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise CS SA Integration Pack The vulnerabilities potentially enable a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting XSS...

9.8CVSS8AI score0.50445EPSS
Exploits10
ibm
ibm
added 2021/12/21 5:39 p.m.53 views

Security Bulletin: IBM Event Streams UI affected by multiple node package vulnerabilities

Summary IBM Event Streams UI affected by multiple node package vulnerabilities Vulnerability Details CVEID: CVE-2021-22940 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by an incomplete fix for CVE-2021-22930 related to a use-after-free on close http2 ...

9.8CVSS8.4AI score0.37286EPSS
Exploits2Affected Software1
ibm
ibm
added 2021/11/09 6:8 p.m.32 views

Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Services

Summary A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Services. Vulnerability Details CVEID: CVE-2021-22931 DESCRIPTION: Node.js could provide weaker than expected security, caused by missing input validation on hostnames...

9.8CVSS1AI score0.21952EPSS
Exploits1Affected Software1
ibm
ibm
added 2021/10/29 9:37 p.m.104 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Node.js

Summary Multiple vulnerabilities in Node.js that is used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID: CVE-2021-37701 DESCRIPTION: Node.js tar module could allow a local attacker to execute arbitrary code on the system, caused by an arbitrary file...

9.8CVSS0.6AI score0.37286EPSS
Exploits4Affected Software1
ibm
ibm
added 2021/10/22 2:3 p.m.39 views

Security Bulletin: IBM Cloud Pak for Integration is vulnerable to multiple Node.js vulnerabilities

Summary IBM Cloud Pak for Integration is vulnerable to multiple Node.js vulnerabilities with details below Vulnerability Details CVEID: CVE-2021-22931 DESCRIPTION: Node.js could provide weaker than expected security, caused by missing input validation on hostnames returned by DNS servers. An...

9.8CVSS0.9AI score0.37286EPSS
Exploits2Affected Software2
ibm
ibm
added 2021/10/21 5:9 p.m.47 views

Security Bulletin: Multiple security vulnerabilities in Node.js affect IBM Voice Gateway

Summary Security Vulnerabilities in Node.js affect IBM Voice Gateway. Vulnerability Details CVEID: CVE-2021-22930 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by a use-after-free on close http2 on stream canceling. An attacker could exploit this...

9.8CVSS1AI score0.37286EPSS
Exploits3Affected Software1
ibm
ibm
added 2021/10/20 10:8 a.m.27 views

Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to domain hijacking due to CVE-2021-22931

Summary IBM App Connect Enterprise Certified Container may be vulnerable to domain hijacking due to CVE-2021-22931. This only affects Node.js runtime processes. Vulnerability Details CVEID: CVE-2021-22931 DESCRIPTION: Node.js could provide weaker than expected security, caused by missing input...

9.8CVSS1AI score0.21952EPSS
Exploits1Affected Software1
nessus
nessus
added 2021/10/19 12:0 a.m.145 views

Node.js Multiple Vulnerabilities (August 2021 Security Releases)

The version of Node.js installed on the remote host is prior to 12.22.5 or 14.17.5 or 16.6.2. It is, therefore, affected by multiple vulnerabilities including the following: - A remote command execution vulnerability exists in Node.js due to insufficient validation of untypical characters in doma...

9.8CVSS7.7AI score0.21952EPSS
Exploits2References4
nessus
nessus
added 2021/09/29 12:0 a.m.47 views

openSUSE 15 Security Update : nodejs14 (openSUSE-SU-2021:1313-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1313-1 advisory. - nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930 - Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to...

9.8CVSS7.3AI score0.37286EPSS
Exploits3References16
redhat
redhat
added 2021/09/27 7:40 a.m.292 views

Important: Red Hat Security Advisory: nodejs:14 security and bug fix update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.8AI score0.37286EPSS
Exploits5References10
osv
osv
added 2021/09/27 6:47 a.m.39 views

RLSA-2021:3666 Important: nodejs:14 security and bug fix update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930 nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22940...

9.8CVSS8.5AI score0.37286EPSS
Exploits5References10
oraclelinux
oraclelinux
added 2021/09/27 12:0 a.m.65 views

nodejs:14 security and bug fix update

nodejs 1:14.17.5-1 - Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, CVE-2021-22940, - CVE-2021-23343, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672 - Resolves RHBZ1847529 make FIPS always available - Resolves: RHBZ1988599, RHBZ1994000, RHBZ1993998, RHBZ1993095 - Resolves: RHBZ1994028,...

9.8CVSS1.5AI score0.37286EPSS
Exploits7
Rows per page
Query Builder