Lucene search
+L

16 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 4:4 a.m.65 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

9.8CVSS9.8AI score0.15014EPSS
Exploits2Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 3:39 a.m.2 views

SUSE CVE-2021-37713

The npm package "tar" aka node-tar before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, ...

8.2CVSS8.8AI score0.01263EPSS
Exploits0References13
OpenVAS
OpenVAS
added 2022/02/08 12:0 a.m.27 views

openSUSE: Security Advisory for nodejs14 (openSUSE-SU-2021:1552-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.6CVSS8AI score0.03286EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.21 views

Mageia: Security Advisory (MGASA-2021-0463)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.7AI score0.21952EPSS
Exploits3References7
OpenVAS
OpenVAS
added 2022/01/20 12:0 a.m.29 views

SUSE: Security Advisory (SUSE-SU-2022:0101-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6CVSS7.3AI score0.21514EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2021/12/08 12:0 a.m.27 views

openSUSE: Security Advisory for nodejs14 (openSUSE-SU-2021:3964-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.6CVSS8AI score0.03286EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2021/12/07 12:0 a.m.33 views

openSUSE: Security Advisory for nodejs12 (openSUSE-SU-2021:3940-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.6CVSS8AI score0.03286EPSS
Exploits2References2
OPENSUSE Linux
OPENSUSE Linux
added 2021/12/06 12:0 a.m.53 views

Security update for nodejs12 (important)

openSUSE Security Update: Security update for nodejs12 Announcement ID: openSUSE-SU-2021:3940-1 Rating: important References: 1190053 1190054 1190055 1190056 1190057 1191601 1191602 Cross-References: CVE-2021-22959 CVE-2021-22960 CVE-2021-37701 CVE-2021-37712 CVE-2021-37713 CVE-2021-39134...

8.1CVSS7.7AI score0.03286EPSS
Exploits2References7
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/02 6:18 p.m.33 views

Security Bulletin: Vulnerabilities in Node.js affect IBM Integration Bus v10 (CVE-2021-37713)

Summary IBM Integration Bus ships with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details CVEID: CVE-2021-37713 DESCRIPTION: Node.js tar module could allow a local attacker to execute arbitrary code on the system,...

8.6CVSS7.9AI score0.01263EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/09 6:9 p.m.36 views

Security Bulletin: A security vulnerability in Node.js tar module affects IBM Cloud Pak for Multicloud Management Managed Services

Summary A security vulnerability in Node.js tar module affects IBM Cloud Pak for Multicloud Management Managed Services. Vulnerability Details CVEID: CVE-2021-37713 DESCRIPTION: Node.js tar module could allow a local attacker to execute arbitrary code on the system, caused by insufficient logic o...

8.6CVSS1.2AI score0.01263EPSS
Exploits0Affected Software1
ALT Linux
ALT Linux
added 2021/09/01 12:0 a.m.105 views

Security fix for the ALT Linux 10 package node version 14.17.6-alt1

Sept. 1, 2021 Vitaly Lipatov 14.17.6-alt1 - new version 14.17.6 with rpmrb script - set npm = 6.14.15 - set openssl = 1.1.1l - CVE-2021-32803, CVE-2021-32804, CVE-2021-37701, CVE-2021-37712, CVE-2021-37713, CVE-2021-39134, CVE-2021-39135...

5.8CVSS8.6AI score0.15014EPSS
Exploits1
Cvelist
Cvelist
added 2021/08/31 4:50 p.m.24 views

CVE-2021-37713 Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization

The npm package "tar" aka node-tar before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, ...

8.2CVSS9AI score0.01263EPSS
Exploits0References4
CVE
CVE
added 2021/08/31 4:50 p.m.196 views

CVE-2021-37713

The CVE-2021-37713 issue concerns the npm package tar (node-tar) on Windows where extraction could create or overwrite arbitrary files and execute code due to insufficient path sanitization for drive-letter paths (e.g., C: paths) that differ from the extraction target. The vulnerability arises wh...

8.6CVSS7.3AI score0.01263EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2021/08/31 4:5 p.m.10 views

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0.8.18-p11 (=0.8.18-p12) +26707 more potentially affected by CVE-2021-37713 via tar (>=0.1.12 <=4.4.15)

tar NPM version =0.1.12, =1.0.1, =1.0.4, =1.0.3, =0.8.4, =0.2.0, =0.0.1, =0.0.2 - 23g-base-css =1.0.0 - 2chhk-to-telegram-images-bot =1.0.0 and more Source cves: CVE-2021-37713 Source advisory: OSV:GHSA-5955-9WPR-37JH...

8.6CVSS6.8AI score0.01263EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/08/31 4:5 p.m.4 views

-fides-amor-et-lux (=1.0.0), 20_nogo (>=1.0.0 <=1.1.4) +2024 more potentially affected by CVE-2021-37713 via tar (>=6.0.0 <=6.1.8)

tar NPM version =6.0.0, =1.0.0, =1.4.0-beta, =0.0.9, =0.0.1, =1.6.0, =4.14.0, =0.4.0-next.7, =0.4.0-next.7, =0.4.0-next.7, =0.4.0-next.7, =0.4.0-next.7, =0.4.0-next.7, =0.4.0-next.28 and more Source cves: CVE-2021-37713 Source advisory: OSV:GHSA-5955-9WPR-37JH...

8.6CVSS6.8AI score0.01263EPSS
Exploits0
Node JS Blog
Node JS Blog
added 2021/08/31 12:0 a.m.64 views

August 31 2021 Security Releases

August 31 2021 Security Releases Update 6-Dec-2021 Security releases available Updates are now available for v14.x, and v12.x Node.js release lines for the following issues. npm 6 update - node-tar There are vulnerabilities in the node-tar which are related to the initial reports and subsequent...

8.6CVSS8.2AI score0.15014EPSS
Exploits1
Rows per page
Query Builder