Lucene search
K

9 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2023-36665

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - protobuf.js aka protobufjs 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf...

9.8CVSS7.9AI score0.02071EPSS
Exploits2References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/22 10:17 p.m.30 views

Security Bulletin: IBM Storage Ceph is vulnerable to Prototype Pollution in Grafana (CVE-2023-36665)

Summary Protobuf is used by IBM Storage Ceph in Grafana as part of metrics. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2023-36665. Vulnerability Details CVEID:CVE-2023-36665 DESCRIPTION: protobuf.js could allow a remote attacker to execute arbitrary co...

9.8CVSS9.7AI score0.01683EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/11 4:26 p.m.72 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to Node.js modules protobuf.js, vm2 and word-wrap [CVE-2023-36665, CVE-2023-37903, CVE-2023-37466 and CVE-2023-26115]

Summary IBM App Connect Enterprise is vulnerable to a remote attack and a denial of service due to Node.js modules protobuf.js, vm2 and word-wrap CVE-2023-36665, CVE-2023-37903, CVE-2023-37466 and CVE-2023-26115. The fix includes protobuf.js =7.2.4, word-wrap =1.2.5 and vm2 has been removed from...

10CVSS8.5AI score0.02925EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/29 9:0 p.m.69 views

Security Bulletin: protobuf.js component is vulnerable which is used by IBM Maximo Application Suite [CVE-2023-36665]

Summary IBM Maximo Application Suite uses protobuf.js package which is vulnerable to CVE-2023-36665. IBM has addressed the vulnerability. Vulnerability Details CVEID:CVE-2023-36665 DESCRIPTION: protobuf.js could allow a remote attacker to execute arbitrary code on the system, caused by a prototyp...

9.8CVSS9.8AI score0.01683EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/31 5:54 p.m.30 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use Google PubSub nodes are vulnerable to arbitrary code execution due to [CVE-2023-36665]

Summary Node.js module protobuf.js is used by IBM App Connect Enterprise Certified Container by the Google PubSub node. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use the Google PubSub node are vulnerable to arbitrary code execution. This...

9.8CVSS9.7AI score0.01683EPSS
Exploits1Affected Software1
NVD
NVD
added 2023/07/05 2:15 p.m.18 views

CVE-2023-36665

"protobuf.js aka protobufjs 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions...

9.8CVSS8.4AI score0.01683EPSS
Exploits1References6
CVE
CVE
added 2023/07/05 12:0 a.m.325 views

CVE-2023-36665

CVE-2023-36665 affects protobuf.js (protobufjs) 6.10.0 through 7.x, before 7.2.5. A user‑controlled protobuf message can pollute Object.prototype by adding/overwriting its data and functions. Exploitation paths include: 1) parse, 2) loading .proto files via load/loadSync, or 3) untrusted input to...

9.8CVSS8.3AI score0.01683EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2023/07/05 12:0 a.m.41 views

CVE-2023-36665

"protobuf.js aka protobufjs 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions...

9.1AI score0.01683EPSS
Exploits1References6
OSV
OSV
added 2023/07/05 12:0 a.m.27 views

CVE-2023-36665

"protobuf.js aka protobufjs 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions...

9.8CVSS7.7AI score0.01683EPSS
Exploits1References8
Rows per page
Query Builder