Lucene search
K

9 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/02/24 7:49 p.m.42 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.6.2 Vulnerability Details CVEID:CVE-2022-25901 DESCRIPTION: Node.js cookiejar module is vulnerable to a denial of service, caused by an insecure regular expression in the Cookie.parse function. A remote attack...

9.8CVSS9.3AI score0.28839EPSS
Exploits12Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/12/07 12:0 a.m.19 views

Debian dla-3229 : node-log4js - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3229 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-3229-1 [email protected] https://www.debian.org/lts/security/...

5.5CVSS6.5AI score0.00302EPSS
Exploits0References4
Debian
Debian
added 2022/12/06 7:26 p.m.35 views

[SECURITY] [DLA 3229-1] node-log4js security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-3229-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta December 07, 2022 https://wiki.debian.org/LTS -...

5.5CVSS5.7AI score0.00302EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/03 2:32 p.m.57 views

Security Bulletin: Log4j vulnerabilities affect IBM Netezza Analytics

Summary IBM Netezza Analytics uses Log4j version 1.x. IBM Netezza Analytics has addressed the aplicable CVEs Vulnerability Details CVEID: CVE-2022-23302 DESCRIPTION: Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserializati...

9.8CVSS1.9AI score0.81147EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/03 2:32 p.m.66 views

Security Bulletin: Log4j vulnerabilities affect IBM Netezza Analytics for NPS

Summary IBM Netezza Analytics for NPS uses Log4j version 1.x. IBM Netezza Analytics for NPS has addressed the aplicable CVEs Vulnerability Details CVEID: CVE-2022-23302 DESCRIPTION: Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsa...

9.8CVSS2AI score0.6906EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/08 2:58 p.m.19 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to log4js-node CVE-2022-21704

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to log4js-node CVE-2022-21704 with details below Vulnerability Details CVEID: CVE-2022-21704 DESCRIPTION: log4js-node module for Node.js could allow a local authenticated attacker to obtain sensitive...

5.5CVSS0.9AI score0.00302EPSS
Exploits0Affected Software2
vulnersOsv
vulnersOsv
added 2022/01/21 6:53 p.m.5 views

2o3t-core (>=0.0.1 <=0.0.34), 2o3t-logger (>=0.0.1 <=0.3.9) +5910 more potentially affected by CVE-2022-21704 via log4js (>=0.2.4 <=6.3.0)

log4js NPM version =0.2.4, =0.0.1, =0.0.1, =0.0.1, =0.1.1, =0.0.3-1, =1.0.0, =1.6.1, =0.0.15, =8.25.29, =4.0.1, =0.5.0, =1.1.0, =2.0.0, =0.5.0-beta, =0.6.0-beta and more Source cves: CVE-2022-21704 Source advisory: OSV:GHSA-82V2-MX6X-WQ7Q...

5.5CVSS6.1AI score0.00302EPSS
Exploits0
CVE
CVE
added 2022/01/19 12:0 a.m.156 views

CVE-2022-21704

CVE-2022-21704 affects log4js-node (Node.js): in affected versions, default log file permissions for file, fileSync, and dateFile appenders are world-readable on Unix, risking exposure of sensitive data in logs if not overridden by the mode setting. Public-details confirm the impact on log4js-nod...

5.5CVSS5.6AI score0.00302EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2022/01/19 12:0 a.m.37 views

CVE-2022-21704 Incorrect Default Permissions in log4js-node

log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not...

5.5CVSS5.6AI score0.00302EPSS
Exploits0References5
Rows per page
Query Builder