61 matches found
Alibaba Cloud Linux 3 : 0016: nodejs:14 (ALINUX3-SA-2021:0016)
"The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0016 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-15366: An issue was discovered i...
Rocky Linux 8 : nodejs:12 (RLSA-2020:5499)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:5499 advisory. - An issue was discovered in ajv.validate in Ajv aka Another JSON Schema Validator 6.12.2. A carefully crafted JSON schema could be provided that allows...
Rocky Linux 8 : nodejs:14 (RLSA-2021:0551)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:0551 advisory. - An issue was discovered in ajv.validate in Ajv aka Another JSON Schema Validator 6.12.2. A carefully crafted JSON schema could be provided that allows...
BELL-CVE-2020-7774 CVE-2020-7774 does not affect BellSoft software
Bulletin has no description...
RHEL 7 : rh-nodejs12-nodejs (RHSA-2020:5305)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5305 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Security Bulletin: Vulnerabilities in Node.js affect IBM App Connect Enterprise and IBM Integration Bus (CVE-2020-7774)
Summary IBM App Connect Enterprise and IBM Integration Bus ship with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details CVEID: CVE-2020-7774 DESCRIPTION: Node.js y18n module could allow a remote attacker to execut...
Security Bulletin: Multiple Vulnerabilities in Node.js affects IBM Netcool Agile Service Manager
Summary Multiple vulnerabilities in Node.js used by IBM Netcool Agile Service Manager have been identified. Netcool Agile Service Manager has addressed these CVEs. Vulnerability Details CVEID: CVE-2021-3450 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused...
Siemens SINEC INS
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC INS Vulnerability: Using Components with Known Vulnerabilities 2. RISK EVALUATION Successful exploitation of this vulnerability in third-party components could allow an attacker...
Mageia: Security Advisory (MGASA-2021-0372)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Prototype pollution flaw in y18n in IBM DataPower Gateway
Summary IBM has addressed the CVE Vulnerability Details CVEID: CVE-2020-7774 DESCRIPTION: Node.js y18n module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By sending a specially-crafted request, an attacker could exploit this...
openSUSE: Security Advisory for nodejs8 (openSUSE-SU-2021:1113-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for nodejs8 (important)
openSUSE Security Update: Security update for nodejs8 Announcement ID: openSUSE-SU-2021:1113-1 Rating: important References: 1184450 1187976 1187977 Cross-References: CVE-2020-7774 CVE-2021-23362 CVE-2021-27290 CVSS scores: CVE-2020-7774 NVD : 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L...
openSUSE: Security Advisory for nodejs8 (openSUSE-SU-2021:2618-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2021:2618-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2618-1 advisory. - update to npm 6.14.13 - CVE-2021-27290: Fixed ssri Regular Expression Denial of Service. bsc1187976 - CVE-2021-23362: Fixed hosted-git-info...
openSUSE 15 Security Update : nodejs8 (openSUSE-SU-2021:2618-1)
"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2618-1 advisory. - This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require'y18n' %NASLMINLEVEL 70300 C Tenable...
SUSE: Security Advisory (SUSE-SU-2021:2618-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for nodejs8 (important)
openSUSE Security Update: Security update for nodejs8 Announcement ID: openSUSE-SU-2021:2618-1 Rating: important References: 1184450 1187976 1187977 Cross-References: CVE-2020-7774 CVE-2021-23362 CVE-2021-27290 CVSS scores: CVE-2020-7774 NVD : 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L...
Security Bulletin: Potential vulnerability with Node.js
Summary A potential vulnerability has been identified related to Node.js. Refer to details for additional information. Vulnerability Details CVEID: CVE-2021-3450 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by a a missing check in the validation logic...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.8.2 bug fix and security update
Red Hat OpenShift Container Platform release 4.8.2 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a...
Updated nodejs packages fix security vulnerabilities
This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require'y18n'; y18n.setLocale'proto'; y18n.updateLocalepolluted: true; console.logpolluted; // true CVE-2020-7774. The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Servic...