68 matches found
MiracleLinux 8 : nodejs:14 (AXSA:2021-2343:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2343:01 advisory. nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl (CVE-2021-23362); nodejs-ssri: Regular expression DoS (ReDoS)...
MiracleLinux 8 : libuv-1.41.1-1.el8 (AXSA:2021-2313:02)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2313:02 advisory. libuv: out-of-bounds read in uv__idna_toascii can lead to information disclosures or crashes (CVE-2021-22918). Tenable has extracted the preceding description bloc...
TencentOS Server 3: libuv (TSSA-2022:0099)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0099 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Azure Linux 3.0 Security Update: nodejs / pytorch (CVE-2021-22918)
The version of nodejs / pytorch installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-22918 advisory. - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii ...
CVE-2021-22918 affecting package pytorch for versions less than 2.2.2-4
CVE-2021-22918 affecting package pytorch for versions less than 2.2.2-4. A patched version of the package is available...
CentOS 9 : libuv-1.42.0-1.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the libuv-1.42.0-1.el9 build changelog. - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii is used to convert strings to ASCII. The pointer ...
GLSA-202401-23 : libuv: Buffer Overread
The remote host is affected by the vulnerability described in GLSA-202401-23 libuv: Buffer Overread - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii is used to convert strings to ASCII. The pointer p is read and increased without checking whether...
Low: libuv
Issue Overview: Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can...
Security Bulletin: Potential Denial of Service in IBM DataPower Gateway
Summary IBM has addressed the CVE Vulnerability Details CVEID: CVE-2021-22918 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an out-of-bounds read in the libuv's uv__idna_toascii function. By invoking the function using dns module's lookup function, a remote attacker could...
Siemens SINEC INS
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC INS Vulnerability: Using Components with Known Vulnerabilities 2. RISK EVALUATION Successful exploitation of this vulnerability in third-party components could allow an attacker...
AlmaLinux 8 : libuv (ALSA-2021:3075)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:3075 advisory. - Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii is used to convert strings to ASCII. The pointer p is read and...
Security Bulletin: Multiple vulnerabilities affect IBM Observability with Instana
Summary Vulnerabilities detected in Node.js versions before v14.16.2 affects IBM Observability with Instana Vulnerability Details CVEID: CVE-2021-22921 DESCRIPTION: Node.js could allow a local attacker to gain elevated privileges on the system, caused by improper configuration of permissions in t...
Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to denial of service due to CVE-2021-22918
Summary IBM App Connect Enterprise Certified Container may be vulnerable to denial of service due to CVE-2021-22918. This only affects Node.js runtime processes. Vulnerability Details CVEID: CVE-2021-22918 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an out-of-bounds read ...
Security Bulletin: IBM Cloud Pak for Integration is vulnerable to multiple Node.js vulnerabilities
Summary IBM Cloud Pak for Integration is vulnerable to multiple Node.js vulnerabilities with details below Vulnerability Details CVEID: CVE-2021-22930 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by a use-after-free on close http2 on stream canceling...
Security Bulletin: Multiple vulnerabilities in Node.js affect IBM App Connect Enterprise v11 & v12 (CVE-2021-22918 and CVE-2021-22921)
Summary IBM App Connect Enterprise v11 & v12 ships with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details CVEID: CVE-2021-22918 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an out-of-bound...
Security Bulletin: IBM Planning Analytics Workspace is affected by security vulnerabilities
Summary The Planning Analytics Workspace component of IBM Planning Analytics is affected by vulnerabilities These have been addressed in IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 68. Vulnerability Details CVEID: CVE-2019-10086 DESCRIPTION: Apache Commons Beanutils...
Important: Red Hat Security Advisory: nodejs:12 security and bug fix update
An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Important: Red Hat Security Advisory: nodejs:12 security and bug fix update
An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
nodejs:14 security, bug fix, and enhancement update
nodejs 1:14.17.3-2 - Resolves: RHBZ1980032, RHBZ1978203 - Resolves RHBZ1842826 - Don't use patch3 1:14.17.3-1 - Resolves: RHBZ1980032, RHBZ1978203 - Resolves RHBZ1842826 - Resolves CVE-2021-22918 (libuv), use system cipher list 1:14.16.0-3 - Resolves: RHBZ1930775 - Always build with systemtap...
CVE-2021-22918 affecting package nodejs 14.17.0-1
CVE-2021-22918 affecting package nodejs 14.17.0-1. An upgraded version of the package is available that resolves this issue...