223 matches found
BIT-SYMFONY-2022-24894
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses including headers and returns them to the clients. In a recent change in the AbstractSessionListener, the response...
CVE-2023-49082
A flaw was found in Aiohttp. This issue may allow an attacker to send a crafted HTTP request to the server and smuggle arbitrary HTTP headers due to improper validation of HTTP requests during the processing of the HTTP request method. By exploiting this flaw, an attacker can manipulate HTTP...
Security Bulletin: A vulnerability in Node.js http-cache-semantics package affects Data Replication on Cloud Pak for Data
Summary A vulnerability in Node.js http-cache-semantics package used in Data Replication on Cloud Pak for Data was addressed. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of...
Ubuntu 16.04 ESM : Varnish vulnerability (USN-4824-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4824-1 advisory. It was discovered that Varnish incorrectly handled certain inputs. A remote attacker could possibly use this issue to obtain sensitive information. Tenable has...
http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability
A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...
RHEL 9 : nodejs (RHSA-2023:5533)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5533 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Security Bulletin: IBM Operational Decision Manager August 2023 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-2047...
Security Bulletin: IBM Storage Fusion and IBM Storage Fusion HCI may be vulnerable to denial of service and improper file download via http-cache-semantics, Gin-Gonic, and YAML (CVE-2022-25881, CVE-2023-2251, CVE-2023-29401)
Summary IBM Storage Fusion and IBM Storage Fusion HCI, previously known as Spectrum Fusion and Spectrum Fusion HCI, may be vulnerable to denial of service via http-cache-semantics, denial of service via TypeScript's yaml and improper file attachment download for Node.js's http-cache-semantics as...
Security Bulletin: IBM Cognos Analytics is affected but not classified as vulnerable to multiple vulnerabilities
Summary IBM Cognos Analytics is affected but not classified as vulnerable to vulnerabilities, based on current information, in the following 3rd-party components: Stanford coreNLP, FasterXML jackson-databind, SnakeYAML, Dromera Hutool, jsoup, Node.js vm2 and Node.js http-cache-semantics. These...
Security Bulletin: Node.js http-cache-semantics module is vulnerable to CVE-2022-25881 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses Node.js http-cache-semantics modulewhich is vulnerable to CVE-2022-25881. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression...
Debian dla-3493 : php-symfony - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3493 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3493-1 [email protected]...
[SECURITY] [DLA 3493-1] symfony security update
Debian LTS Advisory DLA-3493-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin July 11, 2023 https://wiki.debian.org/LTS Package : symfony Version : 3.4.22+dfsg-2+deb10u2 CVE ID : CVE-2021-21424 CVE-2022-24894 CVE-2022-24895 Multiple security vulnerabilities were...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js http-cache-semantics module denial of service ( CVE-2022-25881)
Summary Potential Node.js http-cache-semantics module denial of service CVE-2022-25881 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js...
http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability
A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...
Important: Red Hat Security Advisory: Service Registry (container images) release and security update [2.4.3 GA]
An update to the images for Red Hat Integration - Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact...
Security Bulletin: Node.js http-cache-semantics module is vulnerable to CVE-2022-25881 used in IBM Maximo Application Suite
Summary IBM Maximo Application Suite uses Node.js http-cache-semantics module which is vulnerable to CVE-2022-25881. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of service...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Node.js http-cache-semantics module (CVE-2022-25881)
Summary A vulnerability in Node.js http-cache-semantics module used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of service...
AlmaLinux 9 : nodejs and nodejs-nodemon (ALSA-2023:2655)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2655 advisory. - This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server,...
AlmaLinux 9 : nodejs:18 (ALSA-2023:2654)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2654 advisory. glob-parent: Regular Expression Denial of Service CVE-2021-35065 c-ares: buffer overflow in configsortlist due to missing string length check CVE-2022-490...
Moderate: Red Hat Security Advisory: nodejs and nodejs-nodemon security, bug fix, and enhancement update
An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...