Lucene search
K

37 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/06 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2024-39338

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs. CVE-2024-39338 Note that Nessus...

7.5CVSS6.7AI score0.01414EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2025/05/26 12:0 a.m.7 views

Fedora: Security Advisory (FEDORA-2024-6971446073)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.9AI score0.01414EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2025/05/26 12:0 a.m.3 views

Fedora: Security Advisory (FEDORA-2024-19e63ed69e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.01414EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2025/03/07 4:15 p.m.12 views

CVE-2025-27152

axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if ⁠baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue...

8.7CVSS6.8AI score0.00759EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/04 11:48 a.m.10 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Streams

Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.6.1. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted...

9.8CVSS7.9AI score0.01414EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/07 4:27 p.m.20 views

Security Bulletin: Server Side Request Forgery vulnerability affect IBM Business Automation Workflow - CVE-2024-39338

Summary IBM Business Automation Workflow is vulnerable to a Server Side Request Forgery SSRF attack. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processed as protocol relative...

7.5CVSS6.3AI score0.01414EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.24 views

Security Bulletin: IBM Maximo Application Suite uses axios-1.7.2.tgz and fast-xml-parser-4.2.5.tgz which is vulnerable to CVE-2024-39338 and CVE-2024-41818.

Summary IBM Maximo Application Suite uses axios-1.7.2.tgz and fast-xml-parser-4.2.5.tgz which is vulnerable to CVE-2024-39338 and CVE-2024-41818. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is...

7.5CVSS7.4AI score0.01414EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.31 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service and server-side request forgery [CVE-2024-45590] [CVE-2024-39338]

Summary Node.js modules expressjs and axios are used by IBM App Connect Enterprise Certified Container for making and responding to HTTP communications. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service and server-side request forgery. This bulletin...

7.5CVSS6.8AI score0.01414EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.20 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable due to Axios vulnerability (CVE-2024-39338)

Summary IBM Sterling External Authentication Server SEAS uses Axios, which is vulnerable to Server-side Request Forgery SSRF. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get...

7.5CVSS6.3AI score0.01414EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.20 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.7.2.tgz CVE-2024-39338

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.7.2.tgz CVE-2024-39338. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused b...

7.5CVSS7.5AI score0.01414EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.13 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to server-side request (CVE-2024-39338)

Summary There is a vulnerability in Axios used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery...

7.5CVSS6.4AI score0.01414EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.16 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.7.2.tgz CVE-2024-39338

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.7.2.tgz CVE-2024-39338. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused b...

7.5CVSS7.5AI score0.01414EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.25 views

Security Bulletin: A vulnerability in axios affects IBM Robotic Process Automation and may result in server-side request forgery (CVE-2024-39338).

Summary A vulnerability in axios affects IBM Robotic Process Automation and may result in server-side request forgery. Axios is used by IBM Robotic Process Automation as part of the Carbon UI framework. This bulletin identifies the security fix to apply to address the vulnerability. Vulnerability...

7.5CVSS6.4AI score0.01414EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/09 9:46 a.m.40 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

9.1CVSS9.8AI score0.66594EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/22 6:2 p.m.45 views

Security Bulletin: Security Vulnerabilities in base image packages affect IBM Voice Gateway

Summary Security Vulnerabilities in base image packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processe...

7.5CVSS7.4AI score0.02114EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/20 3:23 p.m.32 views

Security Bulletin: IBM QRadar Pre-Validation App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that might be identified and exploited with automated tools. IBM has addressed the vulnerabilities. This product is only used by IBM QRadar SIEM app developers and external business partners and is not relevant for users...

7.5CVSS9.7AI score0.58768EPSS
Exploits9Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.7 views

Fedora 41 : nextcloud (2024-19e63ed69e)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-19e63ed69e advisory. 29.0.6 release RHBZ2305125 RHBZ2309499 fixes CVE-2024-39338 Tenable has extracted the preceding description block directly from the Fedora security advisory...

7.5CVSS6.9AI score0.01414EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2024/11/13 4:13 a.m.27 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.4 bug fix and security update

Red Hat OpenShift Container Platform release 4.17.4 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...

10CVSS6.7AI score0.01414EPSS
Exploits3References35
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/12 10:5 a.m.20 views

Security Bulletin: Due to use of Axios, IBM Event Processing is vulnerable to server-side request forgery

Summary Axios is used by IBM Event Processing frontend. CVE-2024-39338 Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processed as protocol relative URLs. By sending a specially...

7.5CVSS6.2AI score0.01414EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/10/31 12:0 a.m.15 views

SUSE SLED15: pgadmin4 / pgadmin4-cloud / pgadmin4-desktop / pgadmin4-doc / etc (SUSE-SU-2024:3771-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3771-1 advisory. - CVE-2024-38355: Fixed socket.io: unhandled 'error' event bsc1226967 - CVE-2024-38998: Fixed...

10CVSS7AI score0.09685EPSS
Exploits9References29
Rows per page
Query Builder