Lucene search
K

18 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2018-7158

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service ReDoS vector. The code in question was replaced in...

7.5CVSS7.2AI score0.03381EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2023/09/20 5:42 p.m.44 views

K000136924: Node.JS vulnerabilities CVE-2018-7158, CVE-2018-7164, and CVE-2018-7166

Security Advisory Description CVE-2018-7158 The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service ReDoS vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The...

7.5CVSS7.5AI score0.06411EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.34 views

Mageia: Security Advisory (MGASA-2019-0277)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS6.9AI score0.41288EPSS
Exploits0References23
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.22 views

SUSE: Security Advisory (SUSE-SU-2018:0952-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.5AI score0.03621EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.26 views

SUSE: Security Advisory (SUSE-SU-2018:1183-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS6.6AI score0.09916EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2020/04/02 7:58 p.m.39 views

CVE-2018-7158

It was found that the 'path' module from Node.js was vulnerable to a Regular Expression Denial of Service REDoS flaw. An attacker able to provide a specially crafted file path to a Node.js script could force it to hang indefinitely...

7.5CVSS1.8AI score0.03381EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/01/02 12:0 a.m.24 views

SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2018:0952-1)

This update for nodejs4 fixes the following issues : - Fix some node-gyp permissions - New upstream maintenance 4.9.1 : - Security fixes : + CVE-2018-7158: Fix for 'path' module regular expression denial of service bsc1087459 + CVE-2018-7159: Reject spaces in HTTP Content-Length header values...

7.5CVSS7.2AI score0.03621EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2019/01/02 12:0 a.m.32 views

SUSE SLES12 Security Update : nodejs6 (SUSE-SU-2018:1183-1)

This update for nodejs6 fixes the following issues : - Fix some node-gyp permissions - New upstream LTS release 6.14.1 : - Security fixes : + CVE-2018-7160: Fix for inspector DNS rebinding vulnerability bsc1087463 + CVE-2018-7158: Fix for 'path' module regular expression denial of service...

8.8CVSS7.2AI score0.09916EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2018/11/14 12:0 a.m.61 views

Node.js multiple vulnerabilities (March 2018 Security Releases).

The version of Node.js installed on the remote host is 4.x prior to 4.9.0, 6.x prior to 6.14.0, 8.x prior to 8.11.0 or 9.x prior to 9.10.0. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's...

8.8CVSS7.3AI score0.09916EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2018/11/07 3:25 p.m.57 views

Security Bulletin: Node.js as used in IBM QRadar Packet Capture is susceptible to multiple vulnerabilities

Summary Node.js as used in IBM QRadar Packet Capture has been updated to resolve multiple vulnerabilities Vulnerability Details CVEID: CVE-2018-7158 Description: Node.js path module is vulnerable to a denial of service. By sending a specially crafted file path, an attacker could exploit this...

8.8CVSS0.9AI score0.09916EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/09/14 9:30 p.m.31 views

Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private and IBM Cloud Private Cloud Foundry (CVE-2018-7158, CVE-2018-7159, CVE-2018-7160)

Summary IBM Cloud Private and IBM Cloud Private Cloud Foundry are vulnerable to multiple security vulnerabilities Vulnerability Details CVEID: CVE-2018-7158 DESCRIPTION: Node.js path module is vulnerable to a denial of service. By sending a specially crafted file path, an attacker could exploit...

8.8CVSS0.9AI score0.09916EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2018/07/10 12:0 a.m.33 views

Node.js 'path' Module Regular Expression Denial-of-Service Vulnerability - Mac OS X

Node.js is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js";...

7.5CVSS7.4AI score0.03381EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2018/05/17 2:29 p.m.35 views

CVE-2018-7158

The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service ReDoS vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, splitPathRe, used within the...

7.5CVSS6.9AI score0.03381EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/05/11 12:0 a.m.46 views

openSUSE Security Update : nodejs6 (openSUSE-2018-444)

This update for nodejs6 fixes the following issues : - Fix some node-gyp permissions - New upstream LTS release 6.14.1 : - Security fixes : + CVE-2018-7160: Fix for inspector DNS rebinding vulnerability bsc1087463 + CVE-2018-7158: Fix for 'path' module regular expression denial of service...

8.8CVSS7.2AI score0.09916EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2018/04/18 12:0 a.m.28 views

openSUSE Security Update : nodejs4 (openSUSE-2018-375)

This update for nodejs4 fixes the following issues : - Fix some node-gyp permissions - New upstream maintenance 4.9.1 : - Security fixes : + CVE-2018-7158: Fix for 'path' module regular expression denial of service bsc1087459 + CVE-2018-7159: Reject spaces in HTTP Content-Length header values...

7.5CVSS7.2AI score0.03621EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2018/04/10 12:0 a.m.39 views

Fedora 26 : 1:nodejs (2018-e672eaf4df)

https://nodejs.org/en/blog/release/v8.11.0/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

7.5CVSS7.3AI score0.03381EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/04/04 12:0 a.m.29 views

Fedora 27 : 1:libuv / 1:nodejs (2018-ecf73042e3)

https://nodejs.org/en/blog/release/v8.11.0/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

7.5CVSS7.3AI score0.03381EPSS
Exploits0References2
Node JS Blog
Node JS Blog
added 2018/03/21 12:0 a.m.37 views

March 2018 Security Releases

March 2018 Security Releases Update 28-March-2018 Security releases available Summary Updates are now available for all active Node.js release lines. These include the fix for the vulnerabilities identified in the initial announcement below. In addition to the vulnerabilities in the initial...

8.8CVSS8AI score0.19295EPSS
Exploits0
Rows per page
Query Builder