Lucene search
K

48 matches found

Tenable Nessus
Tenable Nessus
added 2024/02/29 12:0 a.m.21 views

CentOS 9 : nodejs-16.16.0-1.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the nodejs-16.16.0-1.el9 build changelog. - Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs...

9.8CVSS7.1AI score0.81464EPSS
Exploits13References19
OpenVAS
OpenVAS
added 2022/10/06 12:0 a.m.20 views

Debian: Security Advisory (DLA-3137-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8AI score0.37286EPSS
Exploits1References4
Debian
Debian
added 2022/10/05 3:18 p.m.66 views

[SECURITY] [DLA 3137-1] nodejs security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3137-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler October 05, 2022 https://wiki.debian.org/LTS -...

9.8CVSS9.6AI score0.37286EPSS
Exploits1
OpenVAS
OpenVAS
added 2022/08/24 12:0 a.m.25 views

openSUSE: Security Advisory for nodejs10 (SUSE-SU-2022:2855-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS8.7AI score0.81464EPSS
Exploits5References2
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/31 2:57 p.m.52 views

Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Data Synchronization App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-27290 DESCRIPTION: Node.js ssri...

9.8CVSS1.3AI score0.37286EPSS
Exploits16Affected Software1
CBLMariner
CBLMariner
added 2022/04/09 6:52 a.m.30 views

CVE-2021-22940 affecting package nodejs for versions less than 16.14.0-1

CVE-2021-22940 affecting package nodejs for versions less than 16.14.0-1. An upgraded version of the package is available that resolves this issue...

7.5CVSS8.9AI score0.13861EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.21 views

Mageia: Security Advisory (MGASA-2021-0463)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.7AI score0.21952EPSS
Exploits3References7
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/11 8:10 p.m.117 views

Security Bulletin: Vulnerabilitiy affects IBM Observability with Instana

Summary Vulnerabilities detected in Node.js versions before v14.17.5 affects IBM Observability with Instana Vulnerability Details CVEID: CVE-2021-22940 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by an incomplete fix for CVE-2021-22930 related to a...

9.8CVSS8.5AI score0.37286EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/21 5:39 p.m.53 views

Security Bulletin: IBM Event Streams UI affected by multiple node package vulnerabilities

Summary IBM Event Streams UI affected by multiple node package vulnerabilities Vulnerability Details CVEID: CVE-2021-22940 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by an incomplete fix for CVE-2021-22930 related to a use-after-free on close http2 ...

9.8CVSS8.4AI score0.37286EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/29 9:37 p.m.104 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Node.js

Summary Multiple vulnerabilities in Node.js that is used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID: CVE-2021-37701 DESCRIPTION: Node.js tar module could allow a local attacker to execute arbitrary code on the system, caused by an arbitrary file...

9.8CVSS0.6AI score0.37286EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/22 2:3 p.m.39 views

Security Bulletin: IBM Cloud Pak for Integration is vulnerable to multiple Node.js vulnerabilities

Summary IBM Cloud Pak for Integration is vulnerable to multiple Node.js vulnerabilities with details below Vulnerability Details CVEID: CVE-2021-22931 DESCRIPTION: Node.js could provide weaker than expected security, caused by missing input validation on hostnames returned by DNS servers. An...

9.8CVSS0.9AI score0.37286EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/21 5:9 p.m.47 views

Security Bulletin: Multiple security vulnerabilities in Node.js affect IBM Voice Gateway

Summary Security Vulnerabilities in Node.js affect IBM Voice Gateway. Vulnerability Details CVEID: CVE-2021-22930 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by a use-after-free on close http2 on stream canceling. An attacker could exploit this...

9.8CVSS1AI score0.37286EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/20 10:8 a.m.57 views

Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to memory corruption due to CVE-2021-22940

Summary IBM App Connect Enterprise Certified Container may be vulnerable to memory corruption due to CVE-2021-22940. This only affects Node.js runtime processes. Vulnerability Details CVEID: CVE-2021-22940 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused ...

9.8CVSS1.1AI score0.37286EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/10/19 12:0 a.m.145 views

Node.js Multiple Vulnerabilities (August 2021 Security Releases)

The version of Node.js installed on the remote host is prior to 12.22.5 or 14.17.5 or 16.6.2. It is, therefore, affected by multiple vulnerabilities including the following: - A remote command execution vulnerability exists in Node.js due to insufficient validation of untypical characters in doma...

9.8CVSS7.7AI score0.21952EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2021/09/29 12:0 a.m.47 views

openSUSE 15 Security Update : nodejs14 (openSUSE-SU-2021:1313-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1313-1 advisory. - nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930 - Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to...

9.8CVSS7.3AI score0.37286EPSS
Exploits3References16
RedHat Linux
RedHat Linux
added 2021/09/27 7:40 a.m.292 views

Important: Red Hat Security Advisory: nodejs:14 security and bug fix update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.8AI score0.37286EPSS
Exploits5References10
OSV
OSV
added 2021/09/27 6:47 a.m.38 views

RLSA-2021:3666 Important: nodejs:14 security and bug fix update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930 nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22940...

9.8CVSS8.5AI score0.37286EPSS
Exploits5References10
OpenVAS
OpenVAS
added 2021/09/27 12:0 a.m.36 views

Elastic Kibana Node.js Security Vulnerabilities (ESA-2021-24)

Elastic Kibana is prone to multiple vulnerabilities in Node.js. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elastic:kibana";...

9.8CVSS7.6AI score0.21952EPSS
Exploits3References1
Oracle linux
Oracle linux
added 2021/09/27 12:0 a.m.65 views

nodejs:14 security and bug fix update

nodejs 1:14.17.5-1 - Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, CVE-2021-22940, - CVE-2021-23343, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672 - Resolves RHBZ1847529 make FIPS always available - Resolves: RHBZ1988599, RHBZ1994000, RHBZ1993998, RHBZ1993095 - Resolves: RHBZ1994028,...

9.8CVSS1.5AI score0.37286EPSS
Exploits7
Tenable Nessus
Tenable Nessus
added 2021/09/24 12:0 a.m.48 views

openSUSE 15 Security Update : nodejs14 (openSUSE-SU-2021:3211-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3211-1 advisory. - nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930 - Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to...

9.8CVSS7.3AI score0.37286EPSS
Exploits3References16
Rows per page
Query Builder