Lucene search
K

33 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2022-33987

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The got package before 12.1.0 also fixed in 11.8.5 for Node.js allows a redirect to a UNIX socket. CVE-2022-33987 Note that Nessus relies on the presence of the...

5.3CVSS6.8AI score0.02162EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.21 views

RHEL 9 : got (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets CVE-2022-33987 Note that Nessus...

5.3CVSS6.6AI score0.02162EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/27 8:31 p.m.112 views

Security Bulletin: IBM Planning Analytics Workspace has addressed multiple vulnerabilities

Summary IBM Planning Analytics Workspace is considered vulnerable to a Malicious File Upload vulnerability which could allow a privileged user to upload malicious files that can be automatically processed within the product CVE-2023-42017. This vulnerability has been addressed. IBM Planning...

9.8CVSS10AI score0.0434EPSS
Exploits5Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/02/29 12:0 a.m.31 views

CentOS 9 : nodejs-nodemon-2.0.19-1.el9

The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the nodejs-nodemon-2.0.19-1.el9 build changelog. - This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing...

7.8CVSS7.3AI score0.04456EPSS
Exploits2References5
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/28 11:43 a.m.26 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to security restriction bypass due to [CVE-2022-33987]

Summary Node.js got module is used by IBM App Connect Enterprise Certified Container for http communications. IBM App Connect Enterprise Certified Container operands may be vulnerable to security restriction bypass. This bulletin provides patch information to address the reported vulnerability in...

5.3CVSS6.2AI score0.02162EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 9:33 a.m.25 views

Security Bulletin: There is a security vulnerability in Node.js module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite (CVE-2022-33987)

Summary There is a security vulnerability in Node.js module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite Vulnerability Details CVEID:CVE-2022-33987 DESCRIPTION: Node.js got module could allow a remote attacker to bypass security restrictions, caused by an unspecified. B...

5.3CVSS6.2AI score0.02162EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 9:46 p.m.23 views

Security Bulletin: Vulnerability in Node.js affects IBM Process Mining . CVE-2022-33987

Summary There is a vulnerability in Node.js that could allow a UNIX socket redirect, bypassing security restrictions . The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-33987 DESCRIPTION:...

5.3CVSS6.3AI score0.02162EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/14 2:14 p.m.121 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote authenticated attacker due to Node.js (CVE-2022-29244, CVE-2022-33987)

Summary IBM App Connect Enterprise and IBM Integration Bus ship with Node.js for which vulnerabilities were reported and have been addressed by an ifix, a fixpack release and an option to disable the node CVE-2022-29244, CVE-2022-33987 Vulnerability Details CVEID:CVE-2022-29244 DESCRIPTION: Node....

7.5CVSS7.1AI score0.03465EPSS
Exploits0Affected Software2
Tenable Nessus
Tenable Nessus
added 2022/10/19 12:0 a.m.37 views

AlmaLinux 9 : nodejs and nodejs-nodemon (ALSA-2022:6595)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:6595 advisory. - This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollut...

9.8CVSS7.3AI score0.77766EPSS
Exploits6References11
RedHat Linux
RedHat Linux
added 2022/10/18 9:6 a.m.40 views

Moderate: Red Hat Security Advisory: nodejs:14 security and bug fix update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.1CVSS6.7AI score0.77766EPSS
Exploits3References7
Tenable Nessus
Tenable Nessus
added 2022/10/08 12:0 a.m.34 views

AlmaLinux 8 : nodejs:14 (ALSA-2022:6448)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:6448 advisory. nodejs: DNS rebinding in --inspect via invalid IP addresses CVE-2022-32212 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding...

8.1CVSS7AI score0.77766EPSS
Exploits3References6
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/06 4:10 a.m.48 views

Security Bulletin: IBM Robotic Process Automation is vulnerable to a remote attacker bypassing security restrictions due to node.js got module (CVE-2022-33987)

Summary Node.js got module is used by IBM Robotic Process Automation as part of the web carbon framework. CVE-2022-33987. The fix includes carbon-components 10.56.0. Vulnerability Details CVEID:CVE-2022-33987 DESCRIPTION: Node.js got module could allow a remote attacker to bypass security...

5.3CVSS6.2AI score0.02162EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/09/22 12:0 a.m.435 views

Oracle Linux 9 : nodejs / and / nodejs-nodemon (ELSA-2022-6595)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6595 advisory. - Rebase to version 16.16.0 Resolves: RHBZ2106290 Resolves: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 Tenable has extracted the...

9.8CVSS7.2AI score0.77766EPSS
Exploits6References11
Tenable Nessus
Tenable Nessus
added 2022/09/21 12:0 a.m.49 views

RHEL 9 : nodejs and nodejs-nodemon (RHSA-2022:6595)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6595 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

9.8CVSS7.3AI score0.77766EPSS
Exploits6References25
RedHat Linux
RedHat Linux
added 2022/09/20 12:27 p.m.66 views

Moderate: Red Hat Security Advisory: nodejs and nodejs-nodemon security and bug fix update

An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.7AI score0.77766EPSS
Exploits6References13
OSV
OSV
added 2022/09/20 11:37 a.m.36 views

RLSA-2022:6595 Moderate: nodejs and nodejs-nodemon security and bug fix update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16.16.0, nodejs-nodemon 2.0.19. BZ2124230, BZ2124233 Security Fixes: nodejs-ini:...

7.5CVSS7.7AI score0.77766EPSS
Exploits6References13
OSV
OSV
added 2022/09/20 12:0 a.m.35 views

ALSA-2022:6595 Moderate: nodejs and nodejs-nodemon security and bug fix update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16.16.0, nodejs-nodemon 2.0.19. BZ2124230, BZ2124233 Security Fixes: nodejs-ini:...

9.8CVSS7.7AI score0.77766EPSS
Exploits6References22
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/17 12:2 p.m.100 views

Security Bulletin: Multiple vulnerabilities in Node.js may affect IBM Spectrum Protect Plus (CVE-2022-32223, CVE-2022-32215, CVE-2022-33987, CVE-2022-32213, CVE-2022-32212, CVE-2022-32222, CVE-2022-32214)

Summary Vulnerabilities in Node.js such as elevation of privileges, HTTP request smuggling, bypassing security restrictions, and execution of arbitrary code may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID:CVE-2022-32223 DESCRIPTION: Node.js could allow a local attacker to gain...

8.1CVSS8.3AI score0.77766EPSS
Exploits5Affected Software1
RedHat Linux
RedHat Linux
added 2022/09/13 9:59 a.m.45 views

Moderate: Red Hat Security Advisory: nodejs:16 security and bug fix update

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.1CVSS6.8AI score0.77766EPSS
Exploits4References8
RedHat Linux
RedHat Linux
added 2022/09/13 9:48 a.m.57 views

Moderate: Red Hat Security Advisory: nodejs:14 security and bug fix update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.1CVSS6.7AI score0.77766EPSS
Exploits3References7
Rows per page
Query Builder