25 matches found
Azure Linux 3.0 Security Update: python-tensorboard (CVE-2022-46175)
The version of python-tensorboard installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-46175 advisory. - JSON5 is an extension to the popular JSON file format that aims to be easier to write and mainta...
Atlassian Confluence < 8.5.17 / 8.6.x < 9.2.1 / 9.3.x < 9.4.0 / 9.5.x < 9.5.1 / 10.0.x < 10.0.2 / 10.1.0 XSS (CONFSERVER-101487)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101487 advisory. - JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand e.g. for config files. The parse metho...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to CVE-2022-46175
Summary JSON5 is used by IBM Storage Fusion Data Foundation in the management-console and could allow a remote authenticated attacker to execute arbitrary code on the systemas part of CVE-2022-46175. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Dat...
Photon OS 5.0: Mozjs PHSA-2025-5.0-0504
An update of the mozjs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0504. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Linux Distros Unpatched Vulnerability : CVE-2022-46175
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand e.g. for config files. The parse method of the JSON5...
CVE-2022-46175 affecting package python-tensorboard for versions less than 2.16.2-2
CVE-2022-46175 affecting package python-tensorboard for versions less than 2.16.2-2. An upgraded version of the package is available that resolves this issue...
RHEL 9 : gjs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - json5: Prototype Pollution in JSON5 via Parse Method CVE-2022-46175 Note that Nessus has not tested for this issue...
RHEL 8 : gjs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - json5: Prototype Pollution in JSON5 via Parse Method CVE-2022-46175 Note that Nessus has not tested for this issue...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : JSON5 vulnerability (USN-6758-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6758-1 advisory. It was discovered that the JSON5 parse method incorrectly handled the parsing of keys named \proto\. An attacker could possibly use this...
Security Bulletin: Vulnerabilities in node.js affect Cloud Pak Sytem [CVE-2023-28154, CVE-2022-46175, CVE-2022-3517]
Summary Vulnerabilities in react-scripts node.js modules affect Cloud Pak System. Cloud Pak System has addressed those vulnerabilities. Vulnerability Details CVEID:CVE-2023-28154 DESCRIPTION: Webpack could allow a remote attacker to bypass security restrictions, caused by the mishandling of the...
[SECURITY] [DLA 3665-1] node-json5 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3665-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès November 25, 2023 https://wiki.debian.org/LTS -...
Debian dla-3665 : node-json5 - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3665 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3665-1 [email protected] https://www.debian.org/lts/security/...
Security Bulletin: IBM Storage Fusion and IBM Storage Fusion HCI may vulnerable to denial of service, spoofing attacks via dependent JavaScript libraries (CVE-2021-23440, CVE-2018-25031, CVE-2022-46175, CVE-2022-37599, CVE-2022-37603)
Summary IBM Storage Fusion and IBM Storage Fusion HCI, previously known as Spectrum Fusion and Spectrum Fusion HCI, may be affected by vulnerabilities in set-value Node.js, swagger-ui, JSON5, webpack/loader-utils. Vulnerabilities include access of resources using improper type leading to denial o...
Security Bulletin: QRadar Deployment Intelligence App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2022-25881, CVE-2021-23440, CVE-2022-24785, CVE-2022-46175)
Summary QRadar Deployment Intelligence App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics...
Security Bulletin: IBM Cloud Pak for Network Automation v2.4.3 addresses multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation v2.4.3 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-1304 DESCRIPTION: e2fsprogs could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read/write...
Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 8
New Red Hat Single Sign-On 7.6.2 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to JSON5 code execution (CVE-2022-46175)
Summary Potential code execution vulnerability in JSON5-CVE-2022-46175 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-46175 DESCRIPTION: JSON5 could allow a remote authenticated...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution due to [CVE-2022-46175]
Summary Node.js module JSON5 is used by IBM App Connect Enterprise Certified Container for parsing JSON. IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in Node.js...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote authenticated attacker due to json5 (CVE-2022-46175)
Summary IBM App Connect Enterprise is vulnerable to a remote authenticated attacker executing arbitrary code due to json5 CVE-2022-46175. The resolving fix includes json5 v2.2.3 Vulnerability Details CVEID:CVE-2022-46175 DESCRIPTION: JSON5 could allow a remote authenticated attacker to execute...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Node.js json5
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Node.js json5. Vulnerability Details CVEID:CVE-2022-46175 DESCRIPTION: JSON5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a prototype pollution flaw...