Lucene search
K

63 matches found

Oracle linux
Oracle linux
added 2026/04/09 12:0 a.m.8 views

nodejs:22 security update

nodejs 1:22.22.2-1 - Update to version 22.22.2 Resolves: RHEL-154019 Fixes: CVE-2026-1528 CVE-2026-27135 CVE-2026-27904 CVE-2026-26996 CVE-2026-27135 CVE-2026-1528 nodejs-nodemon 3.0.1-1 - Exclude ix86 arches from building. Related: RHEL-35991 3.0.1-1 - Rebase to 3.0.1 - Resolves: CVE-2022-25883...

9.8CVSS5.9AI score0.26356EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2026/02/20 12:0 a.m.4 views

Atlassian Confluence 8.5.x < 9.2.1 / 9.3.x < 9.4.0 / 9.5.x < 9.5.1 / 10.0.x < 10.2.3 / 10.2.6 (CONFSERVER-102185)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-102185 advisory. - Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service ReDoS via the function new Range, when untrust...

7.5CVSS6.7AI score0.02761EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/02/19 12:0 a.m.8 views

Oracle Linux 9 : nodejs:20 (ELSA-2026-2783)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-2783 advisory. - Resolves: CVE-2022-25883 - Resolves: CVE-2021-35065 - Rebase to 2.0.20 Resolves: CVE-2022-3517 - Resolves CVE-2020-28469 Tenable has extracted the...

9.1CVSS6.9AI score0.04456EPSS
Exploits5References7
OSV
OSV
added 2025/12/20 9:3 a.m.14 views

RLSA-2023:5360 Important: nodejs:16 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16. BZ2233891 Security Fixes: nodejs: Permissions policies can be bypassed via...

8.8CVSS6.8AI score0.02761EPSS
Exploits2References5
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 4:32 p.m.3 views

Security Bulletin: Fusion Data Foundation is vulnerable to CVE-2022-25883 in emver-5.7.1.tgz, semver-6.3.0.tgz, semver-7.3.8.tgz

Summary emver-5.7.1.tgz, semver-6.3.0.tgz, semver-7.3.8.tgz is used by Fusion Data Foundation in management-console. This bulletin identifies the steps to take to address the vulnerability CVE-2022-25883 in IBM Storage Fusion Data Foundation. Vulnerability Details CVEID:CVE-2022-25883 DESCRIPTION...

7.5CVSS7.5AI score0.02761EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2022-25883

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service ReDoS via the function new Range, when untrusted user data is...

7.5CVSS6.8AI score0.02761EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2024/08/29 4:23 p.m.38 views

Low: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.11.2 bug fixes and container updates

Red Hat Advanced Cluster Management for Kubernetes 2.11.2 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detail...

7.5CVSS6.6AI score0.02761EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2024/08/28 6:1 p.m.18 views

Low: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.6.2 security updates and bug fixes

Multicluster Engine for Kubernetes 2.6.2 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

7.5CVSS6.7AI score0.02761EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/08 8:1 p.m.16 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to Node.js semver ( CVE-2022-25883 )

Summary Node.js semver is used by IBM Cloud Pak for Data as part of the platform. CVE-2022-25883. Vulnerability Details CVEID:CVE-2022-25883 DESCRIPTION: Node.js semver package is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the new Range...

7.5CVSS8AI score0.02761EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/01 3:33 p.m.34 views

Security Bulletin: Cloud Pak System is vulnerable to Node.js ReDos (CVE-2022-25883)

Summary ReDos vulnerability found in semver Node.js package affects Cloud Pak System. IBM Cloud Pak System Software has addressed this vulnerability. Vulnerability Details CVEID:CVE-2022-25883 DESCRIPTION: Node.js semver package is vulnerable to a denial of service, caused by a regular expression...

7.5CVSS7.3AI score0.02761EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.19 views

RHEL 6 : nodejs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-semver: Regular expression denial of service CVE-2022-25883 Note that Nessus has not tested for this issue b...

7.5CVSS7AI score0.02761EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.33 views

RHEL 9 : nodejs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-semver: Regular expression denial of service CVE-2022-25883 Note that Nessus has not tested for this issue b...

7.5CVSS6.9AI score0.02761EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/16 8:23 p.m.42 views

Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information CVE-2024-28849,...

9.8CVSS10AI score0.08515EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/14 6:50 p.m.38 views

Security Bulletin: IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper...

9.3CVSS8.3AI score0.02761EPSS
Exploits3Affected Software1
RedHat Linux
RedHat Linux
added 2024/02/07 3:32 p.m.48 views

Moderate: Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update

Migration Toolkit for Runtimes 1.2.4 release Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

7.5CVSS6.6AI score0.02761EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/01 7:13 p.m.29 views

Security Bulletin: IBM QRadar Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Assistant App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-38900 DESCRIPTION: decode-uri-component is...

7.5CVSS7AI score0.24928EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/31 1:34 p.m.26 views

Security Bulletin: IBM Watson AI Gateway for IBM Cloud Pak for Data is vulnerable to Node.js semver package denial of service vulnerabilitiy [ CVE-2022-25883]

Summary Potential Node.js semver package denial of service vulnerabilitiy have been identified that may affect IBM Watson AI Gateway for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. CVE-2022-25883 Vulnerability Details...

7.5CVSS7.5AI score0.02761EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/21 5:24 p.m.67 views

Security Bulletin: IBM Storage Fusion HCI may be vulnerable to Injection, Regular Expression Denial of Service (ReDoS), and Arbitrary Code Execution and via use of postcss, semver, babel-traverse (CVE-2023-45133, CVE-2022-25883, CVE-2023-44270)

Summary JavaScript libraries postcss, semver, and babel-traverse are used by IBM Storage Fusion HCI's Web Interface. Vulnerabilities in these libraries could lead to Denial of Service and Arbitrary Code Injection as described the the CVEs listed in the "Vulnerability Details" section. Vulnerabili...

9.3CVSS8.8AI score0.02761EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/14 10:33 a.m.22 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to regular expression denial of service due to [CVE-2022-25883]

Summary Node.js semver is used by the Node.js runtime in IBM App Connect Enterprise Certified Container operants. IBM App Connect Enterprise Certified Container operands are vulnerable to regular expression denial of service. This bulletin provides patch information to address the reported...

7.5CVSS7.4AI score0.02761EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/28 11:0 p.m.34 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Node.js semver (CVE-2022-25883)

Summary A vulnerability in Node.js semver used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-25883 DESCRIPTION: Node.js semver package is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the new Range...

7.5CVSS7.3AI score0.02761EPSS
Exploits1Affected Software1
Rows per page
Query Builder