Lucene search
K

73 matches found

OSV
OSV
added 2024/12/16 2:0 p.m.19 views

BIT-NODE-MIN-2022-43548

A OS Command Injection vulnerability exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.Th...

8.1CVSS8.3AI score0.14024EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/05/02 12:0 a.m.32 views

Splunk Enterprise 8.1 < 8.1.13, 8.2.0 < 8.2.10, 9.0.0 < 9.0.4 (SVD-2023-0215)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0215 advisory. - Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very...

8.8CVSS7.7AI score0.0828EPSS
Exploits3References10
OSV
OSV
added 2024/03/06 11:2 a.m.46 views

BIT-NODE-2022-43548

A OS Command Injection vulnerability exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.Th...

8.1CVSS7.9AI score0.14024EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.25 views

openSUSE: Security Advisory for nodejs18 (SUSE-SU-2023:0419-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS8.1AI score0.81464EPSS
Exploits5References2
OpenVAS
OpenVAS
added 2023/11/22 12:0 a.m.29 views

Ubuntu: Security Advisory (USN-6491-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.9AI score0.81464EPSS
Exploits4References2
Tenable Nessus
Tenable Nessus
added 2023/11/21 12:0 a.m.41 views

Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS : Node.js vulnerabilities (USN-6491-1)

The remote Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6491-1 advisory. Axel Chong discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening...

8.1CVSS8AI score0.81464EPSS
Exploits4References7
Tenable Nessus
Tenable Nessus
added 2023/11/06 12:0 a.m.31 views

Rocky Linux 9 : nodejs:18 (RLSA-2022:8832)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8832 advisory. - A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service ReDoS when calling the braceExpand functio...

8.1CVSS7AI score0.14024EPSS
Exploits0References6
Oracle linux
Oracle linux
added 2023/06/15 12:0 a.m.51 views

nodejs security update

1:16.19.1-2 - Update bundled c-ares to 1.19.1 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 1:16.19.1-1 - Rebase to 16.19.1 - Resolves: rhbz2153714 - Resolves: CVE-2023-23918 CVE-2023-23919 CVE-2023-23936 CVE-2023-24807 CVE-2023-23920 - Resolves: CVE-2022-25881 CVE-2022-49...

9.8CVSS7AI score0.81464EPSS
Exploits10
OpenVAS
OpenVAS
added 2023/02/16 12:0 a.m.29 views

SUSE: Security Advisory (SUSE-SU-2023:0419-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS7.9AI score0.81464EPSS
Exploits5References2
OpenVAS
OpenVAS
added 2023/02/15 12:0 a.m.28 views

SUSE: Security Advisory (SUSE-SU-2023:0408-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS7.9AI score0.81464EPSS
Exploits5References2
Tenable Nessus
Tenable Nessus
added 2023/02/15 12:0 a.m.33 views

SUSE SLES12 Security Update : nodejs18 (SUSE-SU-2023:0408-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0408-1 advisory. This update ships nodejs18 jscPED-2097 Update to NodejJS 18.13.0 LTS: build: disable v8 snapshot compression by default crypto:...

9.1CVSS7.2AI score0.81464EPSS
Exploits5References25
Tenable Nessus
Tenable Nessus
added 2023/01/30 12:0 a.m.75 views

Rocky Linux 8 : nodejs:18 (RLSA-2022:8833)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8833 advisory. - A OS Command Injection vulnerability exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1 due to an insufficient IsAllowedHost check that can...

8.1CVSS7AI score0.14024EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/01/10 12:0 a.m.127 views

AlmaLinux 8 : nodejs:14 (ALSA-2023:0050)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0050 advisory. minimist: prototype pollution CVE-2021-44906 node-fetch: exposure of sensitive information to an unauthorized actor CVE-2022-0235 nodejs-minimatch: ReDoS...

9.8CVSS7.1AI score0.14663EPSS
Exploits4References6
Tenable Nessus
Tenable Nessus
added 2023/01/09 12:0 a.m.44 views

CentOS 8 : nodejs:14 (CESA-2023:0050)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:0050 advisory. - Minimist =1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey lines 69-95. CVE-2021-44906 - node-fetch is vulnerable to...

9.8CVSS7.1AI score0.14663EPSS
Exploits4References6
Tenable Nessus
Tenable Nessus
added 2022/12/16 12:0 a.m.72 views

Oracle Linux 8 : ELSA-2022-9073-1: / nodejs:16 (ELSA-2022-90731)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-90731 advisory. - Record CVE references already addressed in this or previous upstream versions Resolves: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824...

9.8CVSS7AI score0.21514EPSS
Exploits3References8
Prion
Prion
added 2022/12/05 10:15 p.m.33 views

Command injection

A OS Command Injection vulnerability exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.Th...

5.1CVSS8.1AI score0.14024EPSS
Exploits0References5Affected Software2
Debian CVE
Debian CVE
added 2022/12/05 12:0 a.m.217 views

CVE-2022-43548

A OS Command Injection vulnerability exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.Th...

8.1CVSS7.8AI score0.14024EPSS
Exploits0
Cvelist
Cvelist
added 2022/12/05 12:0 a.m.41 views

CVE-2022-43548

A OS Command Injection vulnerability exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.Th...

8.6AI score0.14024EPSS
Exploits0References5
OSV
OSV
added 2022/12/05 12:0 a.m.51 views

CVE-2022-43548

A OS Command Injection vulnerability exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.Th...

8.1CVSS1.8AI score0.14024EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2022/11/29 12:0 a.m.33 views

Fedora: Security Advisory for nodejs (FEDORA-2022-1667f7b60a)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.1CVSS7.9AI score0.68796EPSS
Exploits4References2
Rows per page
Query Builder