13 matches found
RHEL 9 : ceph (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - angularjs: Regular expression denial of service via the $resource service CVE-2023-26117 Note that Nessus has not...
Security Bulletin: IBM Storage Ceph is vulnerable to a REDOS attack in MarkedJS (CVE-2022-21680, CVE-2022-21681)
Summary MarkedJS is used by IBM Storage Ceph as a compiler to parse markdown. CVE-2022-21680, CVE-2022-21681 Vulnerability Details CVEID: CVE-2022-21680 DESCRIPTION: Node.js marked module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in block.de...
Security Bulletin: There are multiple vulnerabilities in Node.js used by IBM Maximo Asset Management (CVE-2022-21681, CVE-2022-21680)
Summary There are multiple vulnerabilities in Node.js used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2022-21681 DESCRIPTION: Node.js marked module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in inline.reflinkSearch. By...
Security Bulletin: There is a vulnerability in Node.js used IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-21681, CVE-2022-21680)
Summary There is a vulnerability in Node.js used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-21681 DESCRIPTION: Node.js marked module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in...
Security Bulletin: Multiple vulnerabilities found with third-party libraries used by IBM® MobileFirst Platform
Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2022-3517 DESCRIPTION: minimatch is vulnerable to a denial of service, caused by a regular expression denial of servi...
Fedora 36 : gitqlient (2022-784d729f30)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-784d729f30 advisory. Update to latest version Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora: Security Advisory for gitqlient (FEDORA-2022-784d729f30)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2022-21680
A vulnerability was found in the markedjs package. Affected versions of this package are vulnerable to Regular expression Denial of Service ReDoS attacks, affecting system availability...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring instances may be vulnerable to denial of service due to CVE-2022-21680
Summary Node.js module marked is used by IBM App Connect Enterprise Certified Container when creating an API-based Designer flow. IBM App Connect Enterprise Certified Container DesignerAuthoring instances may be vulnerable to regular expression denial of service. This bulletin provides patch...
Security Bulletin: A security vulnerability in Node.js marked module affects IBM Cloud Automation Manager
Summary A security vulnerability in Node.js marked module affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2022-21680 DESCRIPTION: Node.js marked module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in block.def. By sending...
08cms (=1.0.0), 0ad-tools (=0.0.1) +34225 more potentially affected by CVE-2022-21680 via marked (>=0.0.1 <=4.0.0)
marked NPM version =0.0.1, =5.0.3, =0.0.1, =1.1.5, =0.3.96, =1.0.0, =0.1.0, =2.1.0, =1.0.0, =1.0.5 and more Source cves: CVE-2022-21680 Source advisory: OSV:GHSA-RRRM-QJM4-V8HF...
CVE-2022-21680
creationtimestamp| type| source ---|---|--- 2022-01-14 14:50:33+00:00| published-proof-of-concept| https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf 2022-01-14 21:03:40+00:00| seen| https://t.me/cibsecurity/35571 2025-04-22 19:03:49+00:00| seen|...
CVE-2022-21680 Cubic catastrophic backtracking (ReDoS) in marked
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def may cause catastrophic backtracking against some strings and lead to a regular expression denial of service ReDoS. Anyone who runs untrusted markdown through a vulnerable version of marked and does...