16 matches found
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...
SUSE CVE-2021-37713
The npm package "tar" aka node-tar before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, ...
openSUSE: Security Advisory for nodejs14 (openSUSE-SU-2021:1552-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Mageia: Security Advisory (MGASA-2021-0463)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2022:0101-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for nodejs14 (openSUSE-SU-2021:3964-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE: Security Advisory for nodejs12 (openSUSE-SU-2021:3940-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for nodejs12 (important)
openSUSE Security Update: Security update for nodejs12 Announcement ID: openSUSE-SU-2021:3940-1 Rating: important References: 1190053 1190054 1190055 1190056 1190057 1191601 1191602 Cross-References: CVE-2021-22959 CVE-2021-22960 CVE-2021-37701 CVE-2021-37712 CVE-2021-37713 CVE-2021-39134...
Security Bulletin: Vulnerabilities in Node.js affect IBM Integration Bus v10 (CVE-2021-37713)
Summary IBM Integration Bus ships with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details CVEID: CVE-2021-37713 DESCRIPTION: Node.js tar module could allow a local attacker to execute arbitrary code on the system,...
Security Bulletin: A security vulnerability in Node.js tar module affects IBM Cloud Pak for Multicloud Management Managed Services
Summary A security vulnerability in Node.js tar module affects IBM Cloud Pak for Multicloud Management Managed Services. Vulnerability Details CVEID: CVE-2021-37713 DESCRIPTION: Node.js tar module could allow a local attacker to execute arbitrary code on the system, caused by insufficient logic o...
Security fix for the ALT Linux 10 package node version 14.17.6-alt1
Sept. 1, 2021 Vitaly Lipatov 14.17.6-alt1 - new version 14.17.6 with rpmrb script - set npm = 6.14.15 - set openssl = 1.1.1l - CVE-2021-32803, CVE-2021-32804, CVE-2021-37701, CVE-2021-37712, CVE-2021-37713, CVE-2021-39134, CVE-2021-39135...
CVE-2021-37713 Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
The npm package "tar" aka node-tar before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, ...
CVE-2021-37713
The CVE-2021-37713 issue concerns the npm package tar (node-tar) on Windows where extraction could create or overwrite arbitrary files and execute code due to insufficient path sanitization for drive-letter paths (e.g., C: paths) that differ from the extraction target. The vulnerability arises wh...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0.8.18-p11 (=0.8.18-p12) +26707 more potentially affected by CVE-2021-37713 via tar (>=0.1.12 <=4.4.15)
tar NPM version =0.1.12, =1.0.1, =1.0.4, =1.0.3, =0.8.4, =0.2.0, =0.0.1, =0.0.2 - 23g-base-css =1.0.0 - 2chhk-to-telegram-images-bot =1.0.0 and more Source cves: CVE-2021-37713 Source advisory: OSV:GHSA-5955-9WPR-37JH...
-fides-amor-et-lux (=1.0.0), 20_nogo (>=1.0.0 <=1.1.4) +2024 more potentially affected by CVE-2021-37713 via tar (>=6.0.0 <=6.1.8)
tar NPM version =6.0.0, =1.0.0, =1.4.0-beta, =0.0.9, =0.0.1, =1.6.0, =4.14.0, =0.4.0-next.7, =0.4.0-next.7, =0.4.0-next.7, =0.4.0-next.7, =0.4.0-next.7, =0.4.0-next.7, =0.4.0-next.28 and more Source cves: CVE-2021-37713 Source advisory: OSV:GHSA-5955-9WPR-37JH...
August 31 2021 Security Releases
August 31 2021 Security Releases Update 6-Dec-2021 Security releases available Updates are now available for v14.x, and v12.x Node.js release lines for the following issues. npm 6 update - node-tar There are vulnerabilities in the node-tar which are related to the initial reports and subsequent...