9 matches found
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.6.2 Vulnerability Details CVEID:CVE-2022-25901 DESCRIPTION: Node.js cookiejar module is vulnerable to a denial of service, caused by an insecure regular expression in the Cookie.parse function. A remote attack...
Debian dla-3229 : node-log4js - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3229 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-3229-1 [email protected] https://www.debian.org/lts/security/...
[SECURITY] [DLA 3229-1] node-log4js security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-3229-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta December 07, 2022 https://wiki.debian.org/LTS -...
Security Bulletin: Log4j vulnerabilities affect IBM Netezza Analytics
Summary IBM Netezza Analytics uses Log4j version 1.x. IBM Netezza Analytics has addressed the aplicable CVEs Vulnerability Details CVEID: CVE-2022-23302 DESCRIPTION: Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserializati...
Security Bulletin: Log4j vulnerabilities affect IBM Netezza Analytics for NPS
Summary IBM Netezza Analytics for NPS uses Log4j version 1.x. IBM Netezza Analytics for NPS has addressed the aplicable CVEs Vulnerability Details CVEID: CVE-2022-23302 DESCRIPTION: Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsa...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to log4js-node CVE-2022-21704
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to log4js-node CVE-2022-21704 with details below Vulnerability Details CVEID: CVE-2022-21704 DESCRIPTION: log4js-node module for Node.js could allow a local authenticated attacker to obtain sensitive...
2o3t-core (>=0.0.1 <=0.0.34), 2o3t-logger (>=0.0.1 <=0.3.9) +5910 more potentially affected by CVE-2022-21704 via log4js (>=0.2.4 <=6.3.0)
log4js NPM version =0.2.4, =0.0.1, =0.0.1, =0.0.1, =0.1.1, =0.0.3-1, =1.0.0, =1.6.1, =0.0.15, =8.25.29, =4.0.1, =0.5.0, =1.1.0, =2.0.0, =0.5.0-beta, =0.6.0-beta and more Source cves: CVE-2022-21704 Source advisory: OSV:GHSA-82V2-MX6X-WQ7Q...
CVE-2022-21704
CVE-2022-21704 affects log4js-node (Node.js): in affected versions, default log file permissions for file, fileSync, and dateFile appenders are world-readable on Unix, risking exposure of sensitive data in logs if not overridden by the mode setting. Public-details confirm the impact on log4js-nod...
CVE-2022-21704 Incorrect Default Permissions in log4js-node
log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not...