23 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-28500
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service ReDoS via the toNumber, trim and trimEnd functions. CVE-2020-28500 Note...
Security Bulletin: Vulnerabilities found in Turf.js which is shipped with IBM® Intelligent Operations Center [CVE-2020-28500, CVE-2020-8203, CVE-2019-1010266, CVE-2019-10744, CVE-2021-23337 and CVE-2018-16487]
Summary Multiple vulnerabilities have been identified in Turf.js which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...
Security Bulletin: A security vulnerability in Node.js Lodash module affects IBM Cloud Automation Manager.
Summary A security vulnerability in Node.js Lodash module affects IBM Cloud Automation Manager. Vulnerability Details CVEID:CVE-2020-28500 DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS in the toNumber, trim and...
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203
Summary There are vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2020-9281 DESCRIPTION: CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the...
Security Bulletin: Vulnerability in Node.js lodash affects IBM Process Mining (CVE-2021-23337,CVE-2020-28500)
Summary There is a vulnerability in Node.js lodash that could allow remote execution of arbitrary commands. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2021-23337 DESCRIPTION: Node.js...
Security Bulletin: CVE-2020-28500
Summary Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service ReDoS via the toNumber, trim and trimEnd functions. Vulnerability Details CVEID: CVE-2020-28500 DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused by a regular expression...
Security Bulletin: Vulnerabilities in lodash library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2019-1010266, CVE-2020-28500, CVE-2018-16487, CVE-2018-3721, CVE-2020-8203, CVE-2021-23337, CVE-2019-10744)
Summary lodash is used by Tivoli Netcool/OMNIbus WebGUI as part of its web client component. The fix includes lodash v4.17.21. Vulnerability Details CVEID: CVE-2019-1010266 DESCRIPTION: Lodash is vulnerable to a denial of service, caused by uncontrolled resource consumption in Date handler. By...
Security Bulletin: Node.js as used by IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM is vulnerable to multiple vulnerabilities
Summary Node.js as used by IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM is vulnerable to multiple vulnerabilities. IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-28469 DESCRIPTION: Node.js...
Security Bulletin: Lodash versions prior to 4.17.21 vulnerability in PowerHA System Mirror for AIX
Summary Lodash versions prior to 4.17.21 caused vulnerability in PowerHA System Mirror for AIX releases in service. Vulnerability Details CVEID: CVE-2021-23337 DESCRIPTION: Node.js lodash module could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a...
@across-ui/example (>=0.0.1-alpha.4 <=0.0.4-alpha.5), @agreejs/api (>=0.0.1 <=3.2.14) +752 more potentially affected by CVE-2020-28500 via lodash-es (>=4.0.0 <=4.17.20)
lodash-es NPM version =4.0.0, =0.0.1-alpha.4, =0.0.1, =0.0.2, =3.2.1, =3.2.1, =3.2.1, =0.0.1, =3.2.1, =3.2.1, =0.1.0, =0.3.14, =0.4.63, =0.4.64 and more Source cves: CVE-2020-28500 Source advisory: OSV:GHSA-29MW-WPGM-HMR9...
10by10-react-app (=1.2.1), 1k-utils (>=1.0.0 <=1.4.0) +15141 more potentially affected by CVE-2020-28500 via lodash (>=4.0.0 <=4.17.20)
lodash NPM version =4.0.0, =1.0.0, =0.0.2, =0.1.1, =1.0.0, =0.2.0, =0.0.2, =0.1.0, =0.1.0, =1.0.23, =4.11.0, =0.0.1, =0.2.1, =0.3.44 and more Source cves: CVE-2020-28500 Source advisory: OSV:GHSA-29MW-WPGM-HMR9...
WordPress 5.8 < 5.8.1 / 5.7 < 5.7.3 / 5.6 < 5.6.5 / 5.5 < 5.5.6 / 5.4 < 5.4.7 / 5.2 < 5.2.12
WordPress versions 5.8 5.8.1 / 5.7 5.7.3 / 5.6 5.6.5 / 5.5 5.5.6 / 5.4 5.4.7 / 5.2 5.2.12 are affected by one or more vulnerabilities %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from WordPress Security Advisory...
Moderate: Red Hat Security Advisory: Red Hat Virtualization Host security and bug fix update [ovirt-4.4.8]
An update for cockpit-ovirt, ovirt-host, ovirt-hosted-engine-ha, ovirt-hosted-engine-setup, and vdsm is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring...
Security Bulletin: IBM Cloud Private is vulnerable to Node.js lodash vulnerabilities (CVE-2020-28500)
Summary IBM Cloud Private is vulnerable to Node.js lodash vulnerabilities Vulnerability Details CVEID: CVE-2020-28500 DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS in the toNumber, trim and trimEnd functions. By...
Security Bulletin: Potential vulnerability with Node.js lodash module
Summary A potential vulnerability has been identified related to Node.js lodash module. Refer to details for additional information. Vulnerability Details CVEID: CVE-2020-28500 DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused by a regular expression denial of servic...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.8.2 bug fix and security update
Red Hat OpenShift Container Platform release 4.8.2 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a...
Security Bulletin: IBM Cloud Transformation Advisor is affected by Node.js vulnerability
Summary IBM Cloud Transformation Advisor has addressed Node.js vulnerability CVE-2020-28500 Vulnerability Details CVEID: CVE-2020-28500 DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS in the toNumber, trim and trimEnd...
Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Node.js lodash vulnerability (CVE-2020-28500)
Summary IBM Cloud Pak for Integration is vulnerable to lodash vulnerability CVE-2020-28500 with details below. Vulnerability Details CVEID: CVE-2020-28500 DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS in the toNumbe...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js. Vulnerability Details CVEID: CVE-2021-22884 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an error when the allowlist includes localhost6. By controlling the victim's DNS serve...
Security Bulletin: A security vulnerability in Node.js lodash module affects IBM Cloud Pak for Multicloud Management Managed Service
Summary A security vulnerability in Node.js lodash module affects IBM Cloud Pak for Multicloud Management Managed Service. Vulnerability Details CVEID: CVE-2020-28500 DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS in...