Lucene search
+L

5 matches found

RedHat Linux
RedHat Linux
added 2021/11/29 1:24 p.m.76 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Container Storage 4.8.5 Security and Bug Fix Update

An update is now available for Red Hat OpenShift Container Storage 4.8.5 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

10CVSS7.4AI score0.03832EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2021/09/21 4:50 p.m.5 views

12g (>=0.0.21 <=1.0.1), 1ib (>=1.0.9 <=1.0.11) +7511 more potentially affected by CVE-2020-26301 via ssh2 (>=0.0.2 <=1.3.0)

ssh2 NPM version =0.0.2, =0.0.21, =1.0.9, =0.0.1, =1.0.0, =1.1.0, =0.4.0, =1.0.26, =0.107.10, =1.19.19, =0.107.0, =0.107.0, =0.107.0, =0.69.0, =0.107.0, =0.97.1, =0.123.2 and more Source cves: CVE-2020-26301 Source advisory: OSV:GHSA-652H-XWHF-Q4H6...

10CVSS7.2AI score0.03832EPSS
Exploits1
OSV
OSV
added 2021/09/20 8:15 p.m.12 views

CVE-2020-26301

ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted...

10CVSS8.1AI score
Exploits0References3
CVE
CVE
added 2021/09/20 7:40 p.m.79 views

CVE-2020-26301

CVE-2020-26301 affects the ssh2 Node.js package (mscdex/ssh2). The vulnerability is a command injection in ssh2 prior to version 1.4.0, occurring on Windows when a vulnerable method is invoked with untrusted input. If exploited, this could lead to remote code execution. The issue is addressed in ...

10CVSS9.1AI score0.03832EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/09/20 7:40 p.m.52 views

CVE-2020-26301 Command injection in mscdex/ssh2

ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted...

7.5CVSS10AI score0.03832EPSS
Exploits1References3
Rows per page
Query Builder