33 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-33987
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The got package before 12.1.0 also fixed in 11.8.5 for Node.js allows a redirect to a UNIX socket. CVE-2022-33987 Note that Nessus relies on the presence of the...
RHEL 9 : got (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets CVE-2022-33987 Note that Nessus...
Security Bulletin: IBM Planning Analytics Workspace has addressed multiple vulnerabilities
Summary IBM Planning Analytics Workspace is considered vulnerable to a Malicious File Upload vulnerability which could allow a privileged user to upload malicious files that can be automatically processed within the product CVE-2023-42017. This vulnerability has been addressed. IBM Planning...
CentOS 9 : nodejs-nodemon-2.0.19-1.el9
The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the nodejs-nodemon-2.0.19-1.el9 build changelog. - This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to security restriction bypass due to [CVE-2022-33987]
Summary Node.js got module is used by IBM App Connect Enterprise Certified Container for http communications. IBM App Connect Enterprise Certified Container operands may be vulnerable to security restriction bypass. This bulletin provides patch information to address the reported vulnerability in...
Security Bulletin: There is a security vulnerability in Node.js module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite (CVE-2022-33987)
Summary There is a security vulnerability in Node.js module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite Vulnerability Details CVEID:CVE-2022-33987 DESCRIPTION: Node.js got module could allow a remote attacker to bypass security restrictions, caused by an unspecified. B...
Security Bulletin: Vulnerability in Node.js affects IBM Process Mining . CVE-2022-33987
Summary There is a vulnerability in Node.js that could allow a UNIX socket redirect, bypassing security restrictions . The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-33987 DESCRIPTION:...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote authenticated attacker due to Node.js (CVE-2022-29244, CVE-2022-33987)
Summary IBM App Connect Enterprise and IBM Integration Bus ship with Node.js for which vulnerabilities were reported and have been addressed by an ifix, a fixpack release and an option to disable the node CVE-2022-29244, CVE-2022-33987 Vulnerability Details CVEID:CVE-2022-29244 DESCRIPTION: Node....
AlmaLinux 9 : nodejs and nodejs-nodemon (ALSA-2022:6595)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:6595 advisory. - This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollut...
Moderate: Red Hat Security Advisory: nodejs:14 security and bug fix update
An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
AlmaLinux 8 : nodejs:14 (ALSA-2022:6448)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:6448 advisory. nodejs: DNS rebinding in --inspect via invalid IP addresses CVE-2022-32212 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding...
Security Bulletin: IBM Robotic Process Automation is vulnerable to a remote attacker bypassing security restrictions due to node.js got module (CVE-2022-33987)
Summary Node.js got module is used by IBM Robotic Process Automation as part of the web carbon framework. CVE-2022-33987. The fix includes carbon-components 10.56.0. Vulnerability Details CVEID:CVE-2022-33987 DESCRIPTION: Node.js got module could allow a remote attacker to bypass security...
Oracle Linux 9 : nodejs / and / nodejs-nodemon (ELSA-2022-6595)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6595 advisory. - Rebase to version 16.16.0 Resolves: RHBZ2106290 Resolves: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 Tenable has extracted the...
RHEL 9 : nodejs and nodejs-nodemon (RHSA-2022:6595)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6595 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Moderate: Red Hat Security Advisory: nodejs and nodejs-nodemon security and bug fix update
An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RLSA-2022:6595 Moderate: nodejs and nodejs-nodemon security and bug fix update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16.16.0, nodejs-nodemon 2.0.19. BZ2124230, BZ2124233 Security Fixes: nodejs-ini:...
ALSA-2022:6595 Moderate: nodejs and nodejs-nodemon security and bug fix update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16.16.0, nodejs-nodemon 2.0.19. BZ2124230, BZ2124233 Security Fixes: nodejs-ini:...
Security Bulletin: Multiple vulnerabilities in Node.js may affect IBM Spectrum Protect Plus (CVE-2022-32223, CVE-2022-32215, CVE-2022-33987, CVE-2022-32213, CVE-2022-32212, CVE-2022-32222, CVE-2022-32214)
Summary Vulnerabilities in Node.js such as elevation of privileges, HTTP request smuggling, bypassing security restrictions, and execution of arbitrary code may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID:CVE-2022-32223 DESCRIPTION: Node.js could allow a local attacker to gain...
Moderate: Red Hat Security Advisory: nodejs:16 security and bug fix update
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: nodejs:14 security and bug fix update
An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...