EUVD-2021-0690

Malware in sbrugna...

IBM Cognos Analytics Multiple Vulnerabilities (6616285)

The version of IBM Cognos Analytics installed on the remote host is affected by multiple vulnerabilities, including the following: - The ejs aka Embedded JavaScript templates package 3.1.6 for Node.js allows server-side template injection in settingsview optionsoutputFunctionName. This is parsed ...

Improper parsing of octal bytes in netmask

Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs...

CVE-2021-28918

Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs...

CVE-2021-29418

The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of 9. This in some situations allows attackers to bypass access control that is based on IP addresses. NOTE: this issue exists because of an incomplete fix for...

CVE-2021-29418

The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of 9. This in some situations allows attackers to bypass access control that is based on IP addresses. NOTE: this issue exists because of an incomplete fix for...

Improper access control

The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of 9. This in some situations allows attackers to bypass access control that is based on IP addresses. NOTE: this issue exists because of an incomplete fix for...

CVE-2021-29418

The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of 9. This in some situations allows attackers to bypass access control that is based on IP addresses. NOTE: this issue exists because of an incomplete fix for...

Npm netmask 输入验证错误漏洞

Npm netmask is an application from Npm, Inc.The Netmask class parses and understands IPv4 CIDR blocks so that they can be explored and compared. An input validation error vulnerability exists in the netmask package before 2.0.1 for Node.js, which can be exploited by an attacker to bypass IP...

GHSA-PCH5-WHG9-QR2R netmask npm package mishandles octal input data

The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of 9. This in some situations allows attackers to bypass access control that is based on IP addresses. NOTE: this issue exists because of an incomplete fix for...

netmask npm package mishandles octal input data

The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of 9. This in some situations allows attackers to bypass access control that is based on IP addresses. NOTE: this issue exists because of an incomplete fix for...

PT-2021-17985 · Npm · Netmask

Name of the Vulnerable Software and Affected Versions: netmask npm package versions 1.0.6 and below netmask npm package versions 2.0.0 Description: The issue is related to improper input validation of octal strings in the netmask npm package, allowing unauthenticated remote attackers to perform...

Debian: Security Advisory (DLA-1665-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...