Lucene search
K

13 matches found

Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.28 views

RHEL 9 : ceph (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - angularjs: Regular expression denial of service via the $resource service CVE-2023-26117 Note that Nessus has not...

5.3CVSS6.4AI score0.01695EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/01 7:42 p.m.35 views

Security Bulletin: IBM Storage Ceph is vulnerable to a REDOS attack in MarkedJS (CVE-2022-21680, CVE-2022-21681)

Summary MarkedJS is used by IBM Storage Ceph as a compiler to parse markdown. CVE-2022-21680, CVE-2022-21681 Vulnerability Details CVEID: CVE-2022-21680 DESCRIPTION: Node.js marked module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in block.de...

7.5CVSS7.7AI score0.02828EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/02 8:50 p.m.76 views

Security Bulletin: There are multiple vulnerabilities in Node.js used by IBM Maximo Asset Management (CVE-2022-21681, CVE-2022-21680)

Summary There are multiple vulnerabilities in Node.js used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2022-21681 DESCRIPTION: Node.js marked module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in inline.reflinkSearch. By...

7.5CVSS7.6AI score0.02828EPSS
Exploits2Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/02 8:47 p.m.49 views

Security Bulletin: There is a vulnerability in Node.js used IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-21681, CVE-2022-21680)

Summary There is a vulnerability in Node.js used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-21681 DESCRIPTION: Node.js marked module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in...

7.5CVSS7.3AI score0.02828EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/17 3:44 p.m.100 views

Security Bulletin: Multiple vulnerabilities found with third-party libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2022-3517 DESCRIPTION: minimatch is vulnerable to a denial of service, caused by a regular expression denial of servi...

9.8CVSS9.6AI score0.19312EPSS
Exploits39Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/12/23 12:0 a.m.25 views

Fedora 36 : gitqlient (2022-784d729f30)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-784d729f30 advisory. Update to latest version Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

7.5CVSS6.8AI score0.02828EPSS
Exploits2References3
OpenVAS
OpenVAS
added 2022/10/10 12:0 a.m.19 views

Fedora: Security Advisory for gitqlient (FEDORA-2022-784d729f30)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.7AI score0.02828EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2022/05/06 8:29 p.m.31 views

CVE-2022-21680

A vulnerability was found in the markedjs package. Affected versions of this package are vulnerable to Regular expression Denial of Service ReDoS attacks, affecting system availability...

7.5CVSS5.6AI score0.02828EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/31 2:28 p.m.30 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring instances may be vulnerable to denial of service due to CVE-2022-21680

Summary Node.js module marked is used by IBM App Connect Enterprise Certified Container when creating an API-based Designer flow. IBM App Connect Enterprise Certified Container DesignerAuthoring instances may be vulnerable to regular expression denial of service. This bulletin provides patch...

7.5CVSS7.3AI score0.02828EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/15 5:33 p.m.29 views

Security Bulletin: A security vulnerability in Node.js marked module affects IBM Cloud Automation Manager

Summary A security vulnerability in Node.js marked module affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2022-21680 DESCRIPTION: Node.js marked module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in block.def. By sending...

7.5CVSS7.3AI score0.02828EPSS
Exploits1Affected Software1
vulnersOsv
vulnersOsv
added 2022/01/14 9:4 p.m.3 views

08cms (=1.0.0), 0ad-tools (=0.0.1) +34225 more potentially affected by CVE-2022-21680 via marked (>=0.0.1 <=4.0.0)

marked NPM version =0.0.1, =5.0.3, =0.0.1, =1.1.5, =0.3.96, =1.0.0, =0.1.0, =2.1.0, =1.0.0, =1.0.5 and more Source cves: CVE-2022-21680 Source advisory: OSV:GHSA-RRRM-QJM4-V8HF...

7.5CVSS6.7AI score0.02828EPSS
Exploits1
Circl
Circl
added 2022/01/14 2:50 p.m.3 views

CVE-2022-21680

creationtimestamp| type| source ---|---|--- 2022-01-14 14:50:33+00:00| published-proof-of-concept| https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf 2022-01-14 21:03:40+00:00| seen| https://t.me/cibsecurity/35571 2025-04-22 19:03:49+00:00| seen|...

7.5CVSS6.7AI score0.02828EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/01/14 12:0 a.m.25 views

CVE-2022-21680 Cubic catastrophic backtracking (ReDoS) in marked

Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def may cause catastrophic backtracking against some strings and lead to a regular expression denial of service ReDoS. Anyone who runs untrusted markdown through a vulnerable version of marked and does...

7.5CVSS7.4AI score0.02828EPSS
Exploits1References4
Rows per page
Query Builder