Lucene search
K

35 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.4 views

Atlassian Confluence 7.19.0 < 8.5.20 / 8.6.x < 9.2.6 / 9.3.x < 9.3.1 / 9.4.0 / 9.5.x < 9.5.2 / 10.0.x < 10.0.2 / 10.1.0 / 10.2.0 (CONFSERVER-101489)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101489 advisory. - The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and...

8.1CVSS6.8AI score0.08279EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/17 10:15 a.m.10 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in ip

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in ip Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses such as 0x7f.1 are improperly categorized as globally...

9.8CVSS6.7AI score0.01613EPSS
Exploits1Affected Software1
Atlassian
Atlassian
added 2025/11/14 6:28 a.m.16 views

SSRF (Server-Side Request Forgery) Third-Party Dependency in Confluence Data Center and Server - CVE-2023-42282

This is a critical vulnerability in a non-Atlassian Confluence dependency. However, Atlassian’s application of the dependency presents a lower assessed risk, which is why we are disclosing this vulnerability in our monthly Security Bulletin instead of a Critical Security Advisory. This Critical...

9.8CVSS7AI score0.01613EPSS
Exploits1
Atlassian
Atlassian
added 2025/11/14 5:27 a.m.15 views

SSRF (Server-Side Request Forgery) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2023-42282

note: This is a critical vulnerability in a non-Atlassian Bitbucket dependency. However, Atlassian’s application of the dependency presents a lower assessed risk, which is why we are disclosing this vulnerability in our monthly Security Bulletin instead of a Critical Security Advisory. This...

9.8CVSS6.9AI score0.01613EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2023-42282

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses such as 0x7f.1 are improperly categorized as globally routable via isPublic...

9.8CVSS6.7AI score0.01613EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/02/10 12:0 a.m.8 views

Azure Linux 3.0 Security Update: nodejs / nodejs18 / reaper (CVE-2023-42282)

The version of nodejs / nodejs18 / reaper installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-42282 advisory. - The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses such ...

9.8CVSS6.8AI score0.01613EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/08 2:25 p.m.23 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to SSRF due to ip for Node.js (CVE-2023-42282)

Summary Package ip for Node.js is used by IBM Cloud Pak for Data. CVE-2023-42282 Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: Node.js IP package could allow a remote attacker to execute arbitrary code on the system, caused by a server-side request forgery flaw in the ip.isPublic...

9.8CVSS9.3AI score0.01613EPSS
Exploits1Affected Software1
CBLMariner
CBLMariner
added 2024/07/12 11:39 p.m.30 views

CVE-2023-42282 affecting package reaper for versions less than 3.1.1-10

CVE-2023-42282 affecting package reaper for versions less than 3.1.1-10. A patched version of the package is available...

9.8CVSS9.6AI score0.01613EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/11 7:6 p.m.27 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to a code execution vulnerability in Node.js IP package (CVE-2023-42282)

Summary Potential code execution vulnerability in Node.js IP package CVE-2023-42282 has been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-42282...

9.8CVSS9.4AI score0.01613EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/07/03 12:0 a.m.28 views

CBL Mariner 2.0 Security Update: nodejs / nodejs18 / reaper (CVE-2023-42282)

The version of nodejs / nodejs18 / reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-42282 advisory. - The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses such ...

9.8CVSS6.8AI score0.01613EPSS
Exploits1References2
CBLMariner
CBLMariner
added 2024/06/21 9:32 a.m.34 views

CVE-2023-42282 affecting package nodejs for versions less than 20.14.0-1

CVE-2023-42282 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this issue...

9.8CVSS6.9AI score0.01613EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2024/06/17 12:43 a.m.45 views

Important: Red Hat Security Advisory: Network Observability 1.6.0 for OpenShift

Network Observability 1.6 for Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

9.8CVSS7.2AI score0.01613EPSS
Exploits3References24
NVD
NVD
added 2024/05/27 8:15 p.m.30 views

CVE-2024-29415

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1 are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282...

8.1CVSS9.6AI score0.08279EPSS
Exploits0References4
OSV
OSV
added 2024/05/27 8:4 p.m.43 views

CVE-2024-29415

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1 are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282...

8.1CVSS6.9AI score0.08279EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/21 4:27 p.m.35 views

Security Bulletin: IBM Storage Fusion HCI is vulnerable to arbitrary code execution due to Node.js IP package.

Summary IP from Node.js is used by IBM Storage Fusion HCI as part of the Backup and Restore service and is vulnerable to the CVE listed below. CVE-2023-42282. Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: Node.js IP package could allow a remote attacker to execute arbitrary code on the...

9.8CVSS9.3AI score0.01613EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/21 4:25 p.m.32 views

Security Bulletin: IBM Storage Fusion is vulnerable to arbitrary code execution due to Node.js IP package.

Summary IP from Node.js is used by IBM Storage Fusion as part of the Backup and Restore service and is vulnerable to the CVE listed below. CVE-2023-42282. Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: Node.js IP package could allow a remote attacker to execute arbitrary code on the...

9.8CVSS9.3AI score0.01613EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/07 7:21 p.m.56 views

Security Bulletin: IBM Planning Analytics Local - Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components

Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Local - Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics Local - Planning Analytics Workspace 2.1.2 and IBM Planning Analytics Local -...

9.8CVSS10AI score0.9077EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/03 9:26 a.m.38 views

Security Bulletin: Vulnerability in node.js package affects IBM Storage Scale GUI (CVE-2023-42282)

Summary There is a vulnerability in node.js package, used by IBM Storage Scale GUI. Fix for this issue is available in all versions. Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: Node.js IP package could allow a remote attacker to execute arbitrary code on the system, caused by a...

9.8CVSS9.2AI score0.01613EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/10 11:1 a.m.78 views

Security Bulletin: Node.js IP is vulnerable to CVE-2023-42282 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Node.js IP which is vulnerable to CVE-2023-42282. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: Node.js IP package could allow a remote attacker to...

9.8CVSS9.4AI score0.01613EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/19 10:24 a.m.39 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attacker due to node.js package IP [CVE-2023-42282]

Summary IBM App Connect Enterprise is vulnerable to a remote attacker due to node.js package IP. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: Node.js IP package could allow a remote attacker to execute arbitrary...

9.8CVSS9.3AI score0.01613EPSS
Exploits1Affected Software1
Rows per page
Query Builder