Security Bulletin: IBM Planning Analytics is affected by security vulnerabilities.

Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Planning Analytics Workspace 2.0.75. Vulnerability Details CVEID: CVE-2021-39040 DESCRIPTION: IBM Planning Analytics could be vulnerable to malicious file upload by not validating the file types or...

[SECURITY] Fedora 36 Update: python-fastapi-0.75.0-3.fc36

FastAPI is a modern, fast high-performance, web framework for building APIs with Python 3.6+ based on standard Python type hints. The key features are: =EF=BF=BD=EF=BF=BD=EF=BF=BD Fast: Very high performance, on par with NodeJS and Go thanks to Starlette and Pydantic. One of the fastest Python...

AlmaLinux 8 : nodejs:16 (ALSA-2021:5171)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:5171 advisory. nodejs-json-schema: Prototype pollution vulnerability CVE-2021-3918 nodejs-ini: Prototype pollution via malicious INI file CVE-2020-7788 nodejs-glob-paren...

AlmaLinux 8 : nodejs:14 (ALSA-2022:0350)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:0350 advisory. nodejs-json-schema: Prototype pollution vulnerability CVE-2021-3918 nodejs-ini: Prototype pollution via malicious INI file CVE-2020-7788 nodejs-glob-paren...

openSUSE 15 Security Update : nodejs8 (openSUSE-SU-2022:0704-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0704-1 advisory. - All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and...

SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2022:0704-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0704-1 advisory. - All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, a...

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.3.6 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.3.6 General Availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...

Security update for nodejs14 (important)

openSUSE Security Update: Security update for nodejs14 Announcement ID: openSUSE-SU-2022:0715-1 Rating: important References: 1191962 1191963 1192153 1192154 1192696 Cross-References: CVE-2021-23343 CVE-2021-32803 CVE-2021-32804 CVE-2021-3807 CVE-2021-3918 CVSS scores: CVE-2021-23343 NVD : 7.5...

Security update for nodejs8 (important)

openSUSE Security Update: Security update for nodejs8 Announcement ID: openSUSE-SU-22022:20000-2 Rating: important References: 1038980 1191962 1191963 1192153 1192154 1192696 Cross-References: CVE-2017-8923 CVE-2021-23343 CVE-2021-32803 CVE-2021-32804 CVE-2021-3807 CVE-2021-3918 CVSS scores:...

SUSE-SU-2022:0704-1 Security update for nodejs8

This update for nodejs8 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe bsc1192153. - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite bsc1191963. - CVE-2021-32804: Fixed...

openSUSE: Security Advisory for nodejs12 (openSUSE-SU-2022:0657-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE-SU-2022:0657-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe bsc1192153. - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite bsc1191963. - CVE-2021-32804: Fixed...

Prototype Pollution in Ajv

An issue was discovered in ajv.validate in Ajv aka Another JSON Schema Validator 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a...

RHEL 8 : nodejs:14 (RHSA-2022:0246)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0246 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

RHEL 7 : rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2022:0041)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0041 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

nodejs-json-schema: Prototype pollution vulnerability

The json-schema Node.JS library was vulnerable to prototype pollution during the validation of a JSON object. An attacker, able to provide a specially crafted JSON file for validation, could use this flaw to modify the behavior of the node program, to, for example, execute arbitrary code...

nodejs-json-schema: Prototype pollution vulnerability

The json-schema Node.JS library was vulnerable to prototype pollution during the validation of a JSON object. An attacker, able to provide a specially crafted JSON file for validation, could use this flaw to modify the behavior of the node program, to, for example, execute arbitrary code...

Oracle Linux 8 : nodejs:16 (ELSA-2021-5171)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-5171 advisory. - Resolves CVE-2020-28469 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has...

RLSA-2021:5171 Moderate: nodejs:16 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16.13.1, nodejs-nodemon 2.0.15. BZ2027610 Security Fixes: nodejs-json-schema:...

@1pedro/eslint-config (=0.1.16), @2109-t5/server (>=1.0.0 <=1.0.9) +2562 more potentially affected by CVE-2021-3918 via json-schema (>=0.2.0 <=0.3.0)

json-schema NPM version =0.2.0, =1.0.0, =1.0.0, =0.1.0, =0.0.0-semantic-release, =14.0.0, =0.1.9, =0.1.9, =0.0.1, =0.0.1, =3.0.0-beta.3 and more Source cves: CVE-2021-3918 Source advisory: OSV:GHSA-896R-F27R-55MW...