Lucene search
+L

60 matches found

Tenable Nessus
Tenable Nessus
added 2024/02/29 12:0 a.m.21 views

CentOS 9 : nodejs-16.16.0-1.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the nodejs-16.16.0-1.el9 build changelog. - Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs...

9.8CVSS7.1AI score0.81464EPSS
Exploits13References19
OSV
OSV
added 2023/08/31 12:13 p.m.3 views

BELL-CVE-2021-22939 CVE-2021-22939 does not affect BellSoft software

Bulletin has no description...

5.3CVSS7.3AI score0.1473EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2022/10/06 12:0 a.m.20 views

Debian: Security Advisory (DLA-3137-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8AI score0.37286EPSS
Exploits1References4
Debian
Debian
added 2022/10/05 3:18 p.m.69 views

[SECURITY] [DLA 3137-1] nodejs security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3137-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler October 05, 2022 https://wiki.debian.org/LTS -...

9.8CVSS9.6AI score0.37286EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/22 3:20 p.m.62 views

Security Bulletin: IBM Security Verify Governance is vulnerable to multiple security issues due to Node.js

Summary IBM has announced a release for IBM Security Verify Governance ISVG in response to security vulnerabilities. The vulnerabilities are caused by Node.js which is vulnerable to multiple threats. CVE-2021-22939, CVE-2021-44531, CVE-2021-44533, CVE-2021-37701, CVE-2021-37712, CVE-2021-22959,...

9.8CVSS8.9AI score0.37286EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/31 2:57 p.m.53 views

Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Data Synchronization App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-27290 DESCRIPTION: Node.js ssri...

9.8CVSS1.3AI score0.37286EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/19 8:12 p.m.41 views

Security Bulletin: IBM Security Guardium Insights is affected by Node.js vulnerability (CVE-2021-22939)

Summary IBM Security Guardium Insights addressed the following vulnerability. Vulnerability Details CVEID: CVE-2021-22939 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions. If the https API was used incorrectly and "undefined" was in passed for the...

5.3CVSS1.7AI score0.1473EPSS
Exploits1Affected Software1
CBLMariner
CBLMariner
added 2022/04/09 6:52 a.m.27 views

CVE-2021-22939 affecting package nodejs for versions less than 16.14.0-1

CVE-2021-22939 affecting package nodejs for versions less than 16.14.0-1. An upgraded version of the package is available that resolves this issue...

5.3CVSS7.7AI score0.1473EPSS
Exploits1
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.21 views

Mageia: Security Advisory (MGASA-2021-0463)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.7AI score0.21952EPSS
Exploits3References7
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/21 5:39 p.m.53 views

Security Bulletin: IBM Event Streams UI affected by multiple node package vulnerabilities

Summary IBM Event Streams UI affected by multiple node package vulnerabilities Vulnerability Details CVEID: CVE-2021-22940 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by an incomplete fix for CVE-2021-22930 related to a use-after-free on close http2 ...

9.8CVSS8.4AI score0.37286EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/09 5:59 p.m.36 views

Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Services

Summary A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Services. Vulnerability Details CVEID: CVE-2021-22939 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions. If the https API was used...

5.3CVSS1.5AI score0.1473EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/29 9:37 p.m.104 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Node.js

Summary Multiple vulnerabilities in Node.js that is used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID: CVE-2021-37701 DESCRIPTION: Node.js tar module could allow a local attacker to execute arbitrary code on the system, caused by an arbitrary file...

9.8CVSS0.6AI score0.37286EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/22 2:3 p.m.39 views

Security Bulletin: IBM Cloud Pak for Integration is vulnerable to multiple Node.js vulnerabilities

Summary IBM Cloud Pak for Integration is vulnerable to multiple Node.js vulnerabilities with details below Vulnerability Details CVEID: CVE-2021-22931 DESCRIPTION: Node.js could provide weaker than expected security, caused by missing input validation on hostnames returned by DNS servers. An...

9.8CVSS0.9AI score0.37286EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/20 10:7 a.m.33 views

Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to trusting expired certificates due to CVE-2021-22939

Summary IBM App Connect Enterprise Certified Container may be vulnerable to trusting expired certificates due to CVE-2021-22939. This only affects Node.js runtime processes. Vulnerability Details CVEID: CVE-2021-22939 DESCRIPTION: Node.js could allow a remote attacker to bypass security...

5.3CVSS0.8AI score0.1473EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/10/19 12:0 a.m.145 views

Node.js Multiple Vulnerabilities (August 2021 Security Releases)

The version of Node.js installed on the remote host is prior to 12.22.5 or 14.17.5 or 16.6.2. It is, therefore, affected by multiple vulnerabilities including the following: - A remote command execution vulnerability exists in Node.js due to insufficient validation of untypical characters in doma...

9.8CVSS7.7AI score0.21952EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2021/09/29 12:0 a.m.47 views

openSUSE 15 Security Update : nodejs14 (openSUSE-SU-2021:1313-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1313-1 advisory. - nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930 - Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to...

9.8CVSS7.3AI score0.37286EPSS
Exploits3References16
RedHat Linux
RedHat Linux
added 2021/09/27 7:40 a.m.292 views

Important: Red Hat Security Advisory: nodejs:14 security and bug fix update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.8AI score0.37286EPSS
Exploits5References10
AlmaLinux
AlmaLinux
added 2021/09/27 6:47 a.m.63 views

Important: nodejs:14 security and bug fix update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930 nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22940...

9.8CVSS8.5AI score0.37286EPSS
Exploits5References9
OSV
OSV
added 2021/09/27 6:47 a.m.39 views

RLSA-2021:3666 Important: nodejs:14 security and bug fix update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930 nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22940...

9.8CVSS8.5AI score0.37286EPSS
Exploits5References10
Oracle linux
Oracle linux
added 2021/09/27 12:0 a.m.65 views

nodejs:14 security and bug fix update

nodejs 1:14.17.5-1 - Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, CVE-2021-22940, - CVE-2021-23343, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672 - Resolves RHBZ1847529 make FIPS always available - Resolves: RHBZ1988599, RHBZ1994000, RHBZ1993998, RHBZ1993095 - Resolves: RHBZ1994028,...

9.8CVSS1.5AI score0.37286EPSS
Exploits7
Rows per page
Query Builder