
6 matches found

Mageia
added 2022/03/21 8:18 p.m. | 91 views

Updated nodejs-tar packages fix security vulnerability

Untrusted tar file to symlink into an arbitrary location allowing file overwrites. CVE-2021-37712 Arbitrary file creation/overwrite and arbitrary code execution. CVE-2021-37701 Arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. CVE-2021-32803 Arbitrary File...

CVSS 8.6 | AI score 3.9 | EPSS 0.84982
Exploits: 1 | References: 2

Tenable Nessus
added 2022/03/05 12:0 a.m. | 59 views

SUSE SLES15 Security Update : nodejs14 (SUSE-SU-2022:0715-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0715-1 advisory. - All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, a...

CVSS 9.8 | AI score 7.4 | EPSS 0.84982
Exploits: 4 | References: 16

Tenable Nessus
added 2022/02/22 12:0 a.m. | 54 views

SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2022:0531-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0531-1 advisory. - All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and splitPath...

CVSS 9.8 | AI score 7.4 | EPSS 0.84982
Exploits: 4 | References: 16

Tenable Nessus
added 2021/12/03 12:0 a.m. | 44 views

SUSE SLES12 Security Update : nodejs14 (SUSE-SU-2021:3886-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3886-1 advisory. - The parser in accepts requests with a space SP right after the header name before the colon. This can lead to HTTP Request Smuggling HRS in...

CVSS 8.6 | AI score 8.1 | EPSS 0.00718
Exploits: 2 | References: 22

Tenable Nessus
added 2021/09/22 12:0 a.m. | 58 views

Oracle Linux 8 : nodejs:12 (ELSA-2021-3623)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-3623 advisory. - Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, CVE-2021-22940, - CVE-2021-23343, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672 - Resolves...

CVSS 9.8 | AI score 7.1 | EPSS 0.84982
Exploits: 7 | References: 9

Prion
added 2021/08/03 7:15 p.m. | 26 views

Design/Logic Flaw

The npm package "tar" aka node-tar before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in...

CVSS 5.8 | AI score 8.7 | EPSS 0.00122
Exploits: 0 | References: 6 | Affected Software: 3