47 matches found
CentOS 9 : nodejs-16.16.0-1.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the nodejs-16.16.0-1.el9 build changelog. - Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs...
Rocky Linux 8 : nodejs:16 (RLSA-2021:5171)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:5171 advisory. - This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator...
SUSE: Security Advisory (SUSE-SU-2023:2578-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2023:2578-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: bind: - Provide bind dependencies and solve installation issues on SUSE Linux Enterprise Micro - There are no source changes dracut-saltboot: - Update to version 0.1.1681904360.84ef141 Load network configuration even when missing protocol version bsc1210640...
Security Bulletin: IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below.
Summary IBM Edge Application Manager 4.5 addresses the security vulnerability listed in the CVE below. Vulnerability Details CVEID:CVE-2021-3918 DESCRIPTION: Json-schema could allow a remote attacker to execute arbitrary code on the system, caused by an improperly controlled modification of objec...
Ubuntu 18.04 LTS / 20.04 LTS : JSON Schema vulnerability (USN-6103-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6103-1 advisory. It was discovered that JSON Schema incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted...
Security Bulletin: IBM Process Mining is vulnerable to Prototype Pollution due to json-schema CVE-2021-3918
Summary json-schema is used by IBM Process Mining. CVE-2021-3918. The fix includes json-schema 0.4.0 Vulnerability Details CVEID:CVE-2021-3918 DESCRIPTION: Json-schema could allow a remote attacker to execute arbitrary code on the system, caused by an improperly controlled modification of object...
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities
Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...
Mageia: Security Advisory (MGASA-2022-0463)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3228-1] node-json-schema security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-3228-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta December 07, 2022 https://wiki.debian.org/LTS -...
Security Bulletin: Vulnerability in Json-schema library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2021-3918)
Summary Json-schema is used by Tivoli Netcool/OMNIbus WebGUI as part of its web client component CVE-2021-3918. Vulnerability Details CVEID: CVE-2021-3918 DESCRIPTION: Json-schema could allow a remote attacker to execute arbitrary code on the system, caused by an improperly controlled modificatio...
Security Bulletin: IBM Integration Bus is vulnerable to arbitrary code execution due to json-schema (CVE-2021-3918)
Summary IBM Integration Bus is vulnerable to arbitrary code execution due to json-schema. The fix includes json-schema 0.4.0. Vulnerability Details CVEID: CVE-2021-3918 DESCRIPTION: Json-schema could allow a remote attacker to execute arbitrary code on the system, caused by an improperly controll...
openSUSE: Security Advisory for nodejs10 (SUSE-SU-2022:1717-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2022:1717-1 Security update for nodejs10
This update for nodejs10 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe bsc1192153. - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite bsc1191963. - CVE-2021-32804: Fixed...
Security Bulletin: Vulnerability in json4j - CVE-2021-3918 (Publicly disclosed vulnerability) impacts IBM Watson Machine Learning Accelerator
Summary Json4j is used IBM Watson Machine Learning Accelerator. This bulletin provides mitigations for the addressable vulnerability CVE-2021-3918 by upgrading addressable to latest version. Vulnerability Details CVEID: CVE-2021-3918 DESCRIPTION: Json-schema could allow a remote attacker to execu...
AlmaLinux 8 : nodejs:14 (ALSA-2022:0350)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:0350 advisory. nodejs-json-schema: Prototype pollution vulnerability CVE-2021-3918 nodejs-ini: Prototype pollution via malicious INI file CVE-2020-7788 nodejs-glob-paren...
AlmaLinux 8 : nodejs:16 (ALSA-2021:5171)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:5171 advisory. nodejs-json-schema: Prototype pollution vulnerability CVE-2021-3918 nodejs-ini: Prototype pollution via malicious INI file CVE-2020-7788 nodejs-glob-paren...
openSUSE: Security Advisory for nodejs8 (openSUSE-SU-2022:0704-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE: Security Advisory for nodejs14 (openSUSE-SU-2022:0715-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE 15 Security Update : nodejs8 (openSUSE-SU-2022:0704-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0704-1 advisory. - All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and...