Lucene search
K

23 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2021/06/08 12:42 a.m.56 views

Security Bulletin: IBM Cloud Pak for Applications 4.3 nodejs and nodejs-express Appsody stacks is vulnerable to information disclosure, buffer overflow and prototype pollution exposures

Summary IBM Cloud Pak for Applications 4.3 nodejs and nodejs-express Appsody stacks is vulnerable to information disclosure, buffer overflow and prototype pollution exposures CVE-2020-15095, CVE-2020-8116, CVE-2020-8201 and CVE-2020-8252. Vulnerability Details CVEID: CVE-2020-15095 DESCRIPTION:...

7.8CVSS1.6AI score0.05093EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/02/20 12:0 a.m.249 views

Oracle Linux 8 : nodejs:10 (ELSA-2021-0548)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0548 advisory. nodejs 1:10.23.1-1 - January Security release - https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/ - Rebase to 10.23.1 - Resolves...

9.8CVSS7.2AI score0.69062EPSS
Exploits8References11
RedHat Linux
RedHat Linux
added 2021/02/16 2:25 p.m.114 views

Moderate: Red Hat Security Advisory: nodejs:10 security update

An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.9AI score0.69062EPSS
Exploits8References11
AlmaLinux
AlmaLinux
added 2021/02/16 7:34 a.m.70 views

Moderate: nodejs:10 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 10.23.1. Security Fixes: libuv: buffer overflow in realpath CVE-2020-8252...

9.8CVSS7.9AI score0.69062EPSS
Exploits8References11
OSV
OSV
added 2021/02/16 7:34 a.m.38 views

ALSA-2021:0548 Moderate: nodejs:10 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 10.23.1. Security Fixes: libuv: buffer overflow in realpath CVE-2020-8252...

9.8CVSS8AI score0.69062EPSS
Exploits8References11
Tenable Nessus
Tenable Nessus
added 2021/02/16 12:0 a.m.58 views

RHEL 8 : nodejs:10 (RHSA-2021:0548)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0548 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

9.8CVSS7.4AI score0.69062EPSS
Exploits8References23
RedHat Linux
RedHat Linux
added 2021/02/15 6:28 p.m.84 views

Moderate: Red Hat Security Advisory: rh-nodejs10-nodejs security update

An update for rh-nodejs10-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.8AI score0.69062EPSS
Exploits8References11
Tenable Nessus
Tenable Nessus
added 2021/02/01 12:0 a.m.39 views

CentOS 8 : nodejs:12 (CESA-2020:4272)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4272 advisory. - npm: sensitive information exposure through logs CVE-2020-15095 - nodejs-dot-prop: prototype pollution CVE-2020-8116 - nodejs: HTTP request smuggling...

7.8CVSS7.4AI score0.05093EPSS
Exploits1References5
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/15 7:3 a.m.45 views

Security Bulletin: Open Source Security issues for NPS console.

Summary Fixed Open Source issues for listed CVEs for NPS console. Vulnerability Details CVEID: CVE-2018-19838 DESCRIPTION: LibSass is vulnerable to a denial of service, caused by a stack-based buffer overflow in the IMPLEMENTASTOPERATORS expansion in ast.cpp. By persuading a victim to open a...

9.8CVSS1AI score0.05213EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/08 6:37 a.m.65 views

Security Bulletin: OSS security Scan issues for Concerto installer.

Summary Fixed in IBM Netezza for Cloud Pak for Data 11.1.1.0 Vulnerability Details CVEID: CVE-2018-19838 DESCRIPTION: LibSass is vulnerable to a denial of service, caused by a stack-based buffer overflow in the IMPLEMENTASTOPERATORS expansion in ast.cpp. By persuading a victim to open a...

9.8CVSS1.2AI score0.05213EPSS
Exploits13Affected Software1
RedHat Linux
RedHat Linux
added 2020/11/12 9:44 a.m.95 views

Moderate: Red Hat Security Advisory: rh-nodejs12-nodejs security update

An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.8CVSS6.8AI score0.05093EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2020/11/04 12:35 p.m.58 views

Moderate: Red Hat Security Advisory: nodejs:12 security and bug fix update

An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.8CVSS6.8AI score0.05093EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2020/10/19 2:37 p.m.71 views

Moderate: Red Hat Security Advisory: nodejs:12 security and bug fix update

An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.8CVSS6.8AI score0.05093EPSS
Exploits1References6
AlmaLinux
AlmaLinux
added 2020/10/19 7:13 a.m.101 views

Moderate: nodejs:12 security and bug fix update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 12.18.4. Security Fixes: nodejs-dot-prop: prototype pollution CVE-2020-8116 nodejs:...

7.8CVSS7.5AI score0.05093EPSS
Exploits1References5
OSV
OSV
added 2020/10/19 7:13 a.m.31 views

ALSA-2020:4272 Moderate: nodejs:12 security and bug fix update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 12.18.4. Security Fixes: nodejs-dot-prop: prototype pollution CVE-2020-8116 nodejs:...

7.8CVSS7.5AI score0.05093EPSS
Exploits1References5
OSV
OSV
added 2020/10/19 7:13 a.m.35 views

RLSA-2020:4272 Moderate: nodejs:12 security and bug fix update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 12.18.4. Security Fixes: nodejs-dot-prop: prototype pollution CVE-2020-8116 nodejs:...

7.8CVSS7.5AI score0.05093EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2020/08/12 12:43 a.m.27 views

CVE-2020-8116

A prototype pollution flaw was found in nodejs-dot-prop. The function set could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or proto paths. The highest threat from this vulnerability is to data confidentiality and integrity as well a...

7.5CVSS3AI score0.03079EPSS
Exploits1References4
NVD
NVD
added 2020/02/04 8:15 p.m.15 views

CVE-2020-8116

Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects...

7.5CVSS7.8AI score0.03079EPSS
Exploits1References4
OSV
OSV
added 2020/02/04 8:15 p.m.22 views

CVE-2020-8116

Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects...

7.3CVSS6.6AI score
Exploits0References4
UbuntuCve
UbuntuCve
added 2020/02/04 8:15 p.m.42 views

CVE-2020-8116

Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects...

7.5CVSS7.1AI score0.03079EPSS
Exploits1References3
Rows per page
Query Builder