Lucene search
K

8 matches found

Tenable Nessus
Tenable Nessus
added 2022/09/13 12:0 a.m.675 views

SUSE SLES15 / openSUSE 15 Security Update : nodejs16 (SUSE-SU-2022:3251-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3251-1 advisory. - CVE-2022-35949: Fixed SSRF when an application takes in user input into the path/pathname option of undici.request...

9.8CVSS6.8AI score0.03465EPSS
Exploits3References14
OpenVAS
OpenVAS
added 2022/09/13 12:0 a.m.29 views

SUSE: Security Advisory (SUSE-SU-2022:3251-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.5AI score0.03465EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2022/09/13 12:0 a.m.26 views

SUSE: Security Advisory (SUSE-SU-2022:3250-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.5AI score0.03465EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2022/09/13 12:0 a.m.26 views

openSUSE: Security Advisory for nodejs16 (SUSE-SU-2022:3250-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS7.6AI score0.03465EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2022/09/09 12:0 a.m.41 views

SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2022:3196-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3196-1 advisory. - CVE-2022-35949: Fixed SSRF when an application takes in user input into the path/pathname option of undici.request bsc1202382. -...

9.8CVSS6.8AI score0.03465EPSS
Exploits3References14
OpenVAS
OpenVAS
added 2022/09/09 12:0 a.m.20 views

SUSE: Security Advisory (SUSE-SU-2022:3196-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.5AI score0.03465EPSS
Exploits3References2
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/18 2:30 p.m.36 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to loss of confidentiality due to CVE-2022-35948 and CVE-2022-35949

Summary Node.js module undici is used by IBM App Connect Enterprise Certified Container when testing API endpoints. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use the API testing capability may be vulnerable to loss of confidentiality if made to target an API...

9.8CVSS7.1AI score0.01388EPSS
Exploits2Affected Software1
CVE
CVE
added 2022/08/12 12:0 a.m.242 views

CVE-2022-35949

CVE-2022-35949 (undici SSRF) : Undici’s HTTP/1.1 client is vulnerable to SSRF when user input is passed into the pathname option of undici.request, allowing an attacker to cause requests to be sent to internal hosts (e.g., 127.0.0.1) by manipulating the path. The issue arises from combining the b...

9.8CVSS7AI score0.01388EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder