Lucene search
K

53 matches found

Debian
Debian
added 2026/04/29 3:9 a.m.7 views

[SECURITY] [DLA 4552-1] node-tar security update

Debian LTS Advisory DLA-4552-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert April 29, 2026 https://wiki.debian.org/LTS Package : node-tar Version : 6.0.5+ds1+cs11.3.9-1+deb11u3 CVE ID : CVE-2024-28863 CVE-2026-23745 CVE-2026-24842 CVE-2026-26960 CVE-2026-29786...

8.6CVSS6.6AI score0.00929EPSS
Exploits11
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 8 : nodejs:18 (AXSA:2024-8777:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8777:01 advisory. node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import restrictio...

6.5CVSS6.6AI score0.01104EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 8 : nodejs:20 (AXSA:2024-8725:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8725:01 advisory. node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import restrictio...

6.5CVSS6.6AI score0.01104EPSS
Exploits1References5
OSV
OSV
added 2025/08/27 2:40 p.m.7 views

CLSA-2025-1756305640 nodejs: Fix of CVE-2024-28863

CVE-2024-28863: prevent extraction in excessively deep sub-folders to address unlimited sub-folders vulnerability...

6.5CVSS6.6AI score0.00929EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.15 views

TencentOS Server 4: nodejs (TSSA-2024:0291)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0291 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

8.1CVSS7.9AI score0.01387EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 3:24 a.m.27 views

Security Bulletin: IBM Fusion HCI and IBM Fusion are vulnerable to denial of service due to Node.js, isaacs node-tar, ShowdownJS

Summary IBM Fusion HCI and IBM Fusion's graphical user interface are vulnerable to a denial of service due to Node.js, isaacs node-tar, and ShowdownJS. CVE-2024-4068, CVE-2024-28863, CVE-2024-1899. Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: Node.js braces module is vulnerable to a...

7.5CVSS6.8AI score0.01471EPSS
Exploits3Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/02 5:30 p.m.14 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in isaacs node-tar [CVE-2024-28863]

Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in isaacs node-tar, caused by the lack of folders count validation CVE-2024-28863. Isaacs node-tar is used by our Speech utilities. This vulnerabilitiy has been addressed. Please read the details for remediation...

6.5CVSS7AI score0.00929EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/02 5:28 p.m.9 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in isaacs node-tar [CVE-2024-28863]

Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in isaacs node-tar, caused by the lack of folders count validation CVE-2024-28863. Isaacs node-tar is used by our Speech microservices. This vulnerabilitiy has been addressed. Please read the details for remediation...

6.5CVSS7AI score0.00929EPSS
Exploits1Affected Software1
CBLMariner
CBLMariner
added 2025/03/25 3:8 p.m.8 views

CVE-2024-28863 affecting package reaper for versions less than 3.1.1-17

CVE-2024-28863 affecting package reaper for versions less than 3.1.1-17. A patched version of the package is available...

6.5CVSS7.3AI score0.00929EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.18 views

Linux Distros Unpatched Vulnerability : CVE-2024-28863

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who...

6.5CVSS6AI score0.00929EPSS
Exploits1References4
Oracle linux
Oracle linux
added 2025/02/14 12:0 a.m.38 views

nodejs:18 security update

nodejs 1:18.20.6-1 - Update to version 18.20.6 Resolves: RHEL-76801 Fixes: CVE-2025-23085 1:18.20.4-1 - Update to 18.20.4 Fixes: CVE-2024-22020 CVE-2024-28863 nodejs-nodemon nodejs-packaging...

6.8CVSS6.9AI score0.01327EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/02/10 12:0 a.m.9 views

Azure Linux 3.0 Security Update: nodejs / nodejs18 / reaper (CVE-2024-28863)

The version of nodejs / nodejs18 / reaper installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28863 advisory. - node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the numbe...

6.5CVSS6.5AI score0.00929EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.43 views

Security Bulletin: IBM Maximo Application Suite - MVI Component uses tar-6.2.0.tgz, Flask_Cors-3.0.10-py2.py3-none-any.whl, bcprov-jdk18on-1.72.jar which are vulnerable to CVE-2024-28863, CVE-2024-1681 and CVE-2024-30171

Summary Security Bulletin: IBM Maximo Application Suite - MVI Component uses tar-6.2.0.tgz, FlaskCors-3.0.10-py2.py3-none-any.whl, bcprov-jdk18on-1.72.jar which are vulnerable to CVE-2024-28863, CVE-2024-1681 and CVE-2024-30171 Vulnerability Details CVEID:CVE-2024-28863 DESCRIPTION: isaacs node-t...

6.5CVSS7.4AI score0.00929EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.16 views

Security Bulletin: Vulnerability in isaacs node-tar ( CVE-2024-28863) may affect IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential denial of service vulnerability CVE-2024-28863 has been identified related to isaacs node-tar that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. vulnerability have been addressed. Refer to details for additional information. Vulnerability Details...

6.5CVSS6.8AI score0.00929EPSS
Exploits1Affected Software1
Amazon
Amazon
added 2024/11/14 12:0 a.m.6 views

Medium: nodejs

Issue Overview: node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js...

6.5CVSS6.8AI score0.00929EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.15 views

Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2024-766)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-766 advisory. node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders c...

6.5CVSS6.6AI score0.00929EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/11/07 12:0 a.m.15 views

RHEL 8 : nodejs:18 (RHSA-2024:6148)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6148 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

6.5CVSS6.7AI score0.01104EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2024/11/07 12:0 a.m.24 views

RHEL 9 : nodejs:18 (RHSA-2024:6147)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6147 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

6.5CVSS6.7AI score0.01104EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2024/11/06 12:0 a.m.25 views

RHEL 8 / 9 : Satellite 6.16.0 (Critical) (RHSA-2024:8906)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8906 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessit...

9.8CVSS6.9AI score0.28637EPSS
Exploits4References277
RedHat Linux
RedHat Linux
added 2024/11/05 5:49 p.m.282 views

Critical: Red Hat Security Advisory: Satellite 6.16.0 release

A new release is now available for Red Hat Satellite 6.16 for RHEL 8 and 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

9.8CVSS6.8AI score0.28637EPSS
Exploits4References262
Rows per page
Query Builder