Lucene search
K

39 matches found

nessus
nessus
added 2025/03/04 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2021-23358

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function,...

7.2CVSS6.3AI score0.04087EPSS
Exploits2References2
nessus
nessus
added 2024/07/12 12:0 a.m.27 views

RHEL 8 : grafana (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs-underscore: Arbitrary code execution via the template function CVE-2021-23358 - node-fetch is...

7.5CVSS8.2AI score0.04087EPSS
Exploits5References6
nessus
nessus
added 2024/06/03 12:0 a.m.73 views

RHEL 8 : grafana (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - grafana: session control failure may lead to information disclosure CVE-2022-32275 - protobufjs: prototyp...

9.8CVSS7.8AI score0.08606EPSS
Exploits6References16
ibm
ibm
added 2023/05/17 7:40 p.m.73 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in JQuery, Node.js and Swagger UI

Summary Multiple vulnerabilities in JQuery, Node.js and Swagger UI used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2021-23358 DESCRIPTION: Node.js underscore module could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the...

9.8CVSS8.1AI score0.99019EPSS
Exploits27Affected Software1
circl
circl
added 2023/02/26 3:28 p.m.4 views

CVE-2021-23358

creationtimestamp| type| source ---|---|--- 2023-02-26 15:28:30+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/7824...

7.2CVSS6.1AI score0.04087EPSS
Exploits2References1
nessus
nessus
added 2023/01/20 12:0 a.m.86 views

Oracle Primavera Unifier (Jan 2023 CPU)

The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2023 CPU advisory. - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering component: User Interface UnderscoreJS. Supported version...

7.5CVSS6.2AI score0.04087EPSS
Exploits5References6
openvas
openvas
added 2022/11/07 12:0 a.m.28 views

Tenable Nessus < 10.1.0 Arbitrary Code Injection Vulnerability (TNS-2022-04)

Tenable Nessus is prone to an arbitrary code injection vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.2CVSS7.3AI score0.04087EPSS
Exploits2References1
atlassian
atlassian
added 2022/07/04 12:22 a.m.48 views

Workbox: upgrade Underscore.js to 1.13.1 or higher

h3. Issue Summary Workbox host plugin in Confluence is currently using underscore.js 1.3.1. This is old enough to not be vulnerable to CVE-2021-23358, but it should be using the version provided by Confluence, not its own The package underscore from 1.13.0-0 and before 1.13.0-2 From 1.3.2 and...

7.2CVSS2.2AI score0.04087EPSS
Exploits2
atlassian
atlassian
added 2022/07/04 12:8 a.m.45 views

Mobile web: upgrade Underscore.js to 1.13.1 or higher

h3. Issue Summary The mobile web view in Confluence is currently using underscore.js 1.3.3. However, it is being affected due to CVE-2021-23358 The package underscore from 1.13.0-0 and before 1.13.0-2 From 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template functio...

7.2CVSS2AI score0.04087EPSS
Exploits2
atlassian
atlassian
added 2022/07/04 12:7 a.m.133 views

Notifications: upgrade Underscore.js to 1.13.1 or higher

h3. Issue Summary Atlassian Notifications is currently using underscore.js 1.3.3. However, it is being affected due to CVE-2021-23358 The package underscore from 1.13.0-0 and before 1.13.0-2 From 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function,...

7.2CVSS2.4AI score0.04087EPSS
Exploits2
atlassian
atlassian
added 2022/07/04 12:4 a.m.51 views

UPM: upgrade Underscore.js to 1.13.1 or higher

h3. Issue Summary UPM is currently using underscore.js 1.4.4. However, it is being affected due to CVE-2021-23358 The package underscore from 1.13.0-0 and before 1.13.0-2 From 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variabl...

7.2CVSS2AI score0.04087EPSS
Exploits2
nessus
nessus
added 2022/02/03 12:0 a.m.49 views

Tenable Nessus 10.x < 10.1.0 / 8.x < 8.15.3 Third-Party Vulnerability (TNS-2022-04)

According to its self-reported version, the Tenable Nessus application running on the remote host is 10.x prior to 10.1.0, or 8.x prior to 8.15.3. It is, therefore, affected by a vulnerability in a third-party library: - The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and...

7.2CVSS6.5AI score0.04087EPSS
Exploits2References4
ibm
ibm
added 2021/12/15 8:11 a.m.40 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability - Underscore.js (CVE-2021-23358)

Summary IBM Security SOAR is using a component with a known vulnerability - Underscore.js CVE-2021-23358 Vulnerability Details CVEID: CVE-2021-23358 DESCRIPTION: Node.js underscore module could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the template...

7.2CVSS7.2AI score0.04087EPSS
Exploits2
atlassian
atlassian
added 2021/10/21 11:57 a.m.85 views

CVE-2021-23358 - Need to upgrade Underscore.js to 1.13.1 or higher

h3. Issue Summary Confluence is currently using underscore.js 1.10.2. However, it is being affected due to CVE-2021-23358 The package underscore from 1.13.0-0 and before 1.13.0-2 From 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a...

7.2CVSS2.1AI score0.04087EPSS
Exploits2Affected Software1
atlassian
atlassian
added 2021/10/21 11:57 a.m.161 views

CVE-2021-23358 - Need to upgrade Underscore.js to 1.13.1 or higher

h3. Issue Summary Confluence is currently using underscore.js 1.10.2. However, it is being affected due to CVE-2021-23358 The package underscore from 1.13.0-0 and before 1.13.0-2 From 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a...

7.2CVSS2.1AI score0.04087EPSS
Exploits2
ibm
ibm
added 2021/09/28 7:3 a.m.55 views

Security Bulletin: Multiple vulnerabilities may affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) offline documentation

Summary IBM Business Process Manager and IBM Business Automation Workflow offline documentation packages open source libraries with known vulnerabilities. Do not install offline documentation and remove existing installations with the fix provided below. Vulnerability Details CVEID: CVE-2021-2335...

8.1CVSS0.7AI score0.10608EPSS
Exploits4Affected Software4
nessus
nessus
added 2021/08/11 12:0 a.m.43 views

openSUSE 15 Security Update : php7 (openSUSE-SU-2021:1130-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1130-1 advisory. - Tenable.sc leverages third-party software to help provide underlying functionality. Multiple third-party components were found to contain...

9.8CVSS7.2AI score0.9947EPSS
Exploits96References7
nessus
nessus
added 2021/07/31 12:0 a.m.86 views

openSUSE 15 Security Update : php7 (openSUSE-SU-2021:2575-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2575-1 advisory. - Tenable.sc leverages third-party software to help provide underlying functionality. Multiple third-party components were found to contain...

9.8CVSS7.1AI score0.9947EPSS
Exploits96References4
ibm
ibm
added 2021/07/30 5:1 a.m.33 views

Security Bulletin: IBM Cloud Pak for Integration is vulnerable to underscore vulnerability (CVE-2021-23358)

Summary IBM Cloud Pak for Integration is vulnerable to underscore vulnerability CVE-2021-23358 with details below. Vulnerability Details CVEID: CVE-2021-23358 DESCRIPTION: Node.js underscore module could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the...

7.2CVSS1.3AI score0.04087EPSS
Exploits2Affected Software1
atlassian
atlassian
added 2021/07/27 12:52 a.m.119 views

Vulnerable version of Underscore.js used - CVE-2021-23358

Affected versions of Atlassian Jira Server and Data Center used Underscore.js 1.9.1, which was vulnerable to CVE-2021-23358|https://vulners.com/cve/CVE-2021-23358. The affected versions of Atlassian Jira Server and Data Center are before version 8.18.0. Affected versions: version 8.13.10 8.14.0 =...

7.2CVSS5.3AI score0.04087EPSS
Exploits2Affected Software1
Rows per page
Query Builder