Lucene search
+L

385 matches found

nessus
nessus
added 2023/05/25 12:0 a.m.34 views

Rocky Linux 9 : nodejs and nodejs-nodemon (RLSA-2023:2655)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2655 advisory. - This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a serve...

8.6CVSS7.4AI score0.02023EPSS
Exploits3References14
nessus
nessus
added 2023/05/17 12:0 a.m.32 views

Oracle Linux 9 : nodejs / and / nodejs-nodemon (ELSA-2023-2655)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2655 advisory. - Resolves: CVE-2023-23918 CVE-2023-23919 CVE-2023-23936 CVE-2023-24807 CVE-2023-23920 - Resolves: CVE-2022-25881 CVE-2022-4904 nodejs-nodemon Tenable...

8.6CVSS6.8AI score0.02209EPSS
Exploits4References7
nessus
nessus
added 2023/04/28 12:0 a.m.40 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 LTS : Netty vulnerabilities (USN-6049-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6049-1 advisory. It was discovered that Netty's Zlib decoders did not limit memory allocations. A remote attacker could possibly use...

7.5CVSS6.6AI score0.18891EPSS
Exploits3References10
nessus
nessus
added 2023/04/05 12:0 a.m.35 views

Oracle Linux 8 : nodejs:18 (ELSA-2023-1583)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-1583 advisory. - Resolves: CVE-2022-25881, CVE-2022-4904, CVE-2023-23936, CVE-2023-24807 Tenable has extracted the preceding description block directly from the Oracl...

8.6CVSS6.8AI score0.02023EPSS
Exploits4References7
nessus
nessus
added 2023/03/14 12:0 a.m.37 views

SUSE SLES12 Security Update : nodejs18 (SUSE-SU-2023:0715-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0715-1 advisory. Update to NodeJS 18.14.2 LTS: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule...

7.5CVSS6.8AI score0.02209EPSS
Exploits2References16
fedora
fedora
added 2023/03/11 3:40 a.m.34 views

[SECURITY] Fedora 38 Update: perl-HTTP-Daemon-6.16-1.fc38

Instances of the HTTP::Daemon class are HTTP/1.1 servers that listen on a socket for incoming requests. The HTTP::Daemon is a subclass of IO::Socket::IP, so you can perform socket operations directly on it too...

7.3CVSS1.4AI score0.02122EPSS
Exploits1
fedora
fedora
added 2023/03/08 1:28 a.m.40 views

[SECURITY] Fedora 37 Update: perl-HTTP-Daemon-6.16-1.fc37

Instances of the HTTP::Daemon class are HTTP/1.1 servers that listen on a socket for incoming requests. The HTTP::Daemon is a subclass of IO::Socket::IP, so you can perform socket operations directly on it too...

7.3CVSS1.4AI score0.02122EPSS
Exploits1
fedora
fedora
added 2023/03/08 1:22 a.m.49 views

[SECURITY] Fedora 36 Update: perl-HTTP-Daemon-6.16-1.fc36

Instances of the HTTP::Daemon class are HTTP/1.1 servers that listen on a socket for incoming requests. The HTTP::Daemon is a subclass of IO::Socket::IP, so you can perform socket operations directly on it too...

5.5CVSS1.4AI score0.00214EPSS
Exploits0
nessus
nessus
added 2023/03/04 12:0 a.m.38 views

SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2023:0609-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0609-1 advisory. Update to LTS version 16.19.1: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule...

7.5CVSS6.8AI score0.02209EPSS
Exploits2References17
f5
f5
added 2023/02/21 8:0 p.m.103 views

K55834441: Netty vulnerability CVE-2021-21295

Security Advisory Description Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty io.netty:netty-codec-http2 before version 4.1.60.Final there is a vulnerability that enables...

5.9CVSS6.8AI score0.18891EPSS
Exploits0Affected Software1
nvd
nvd
added 2023/02/16 6:15 p.m.17 views

CVE-2023-24807

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service ReDoS attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normali...

7.5CVSS7.5AI score0.01304EPSS
Exploits0References5
nvd
nvd
added 2023/02/16 6:15 p.m.13 views

CVE-2023-23936

Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect host HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the headers.host string before passing to...

6.5CVSS7AI score0.01129EPSS
Exploits1References4
prion
prion
added 2023/02/16 6:15 p.m.27 views

Design/Logic Flaw

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service ReDoS attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normali...

5CVSS7.3AI score0.01304EPSS
Exploits0References4Affected Software1
prion
prion
added 2023/02/16 6:15 p.m.24 views

Crlf injection

Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect host HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the headers.host string before passing to...

5.8CVSS6.4AI score0.01129EPSS
Exploits1References4Affected Software2
ubuntucve
ubuntucve
added 2023/02/16 6:15 p.m.27 views

CVE-2023-24807

Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the Headers.set and Headers.append methods are vulnerable to Regular Expression Denial of Service ReDoS attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normali...

7.5CVSS6.9AI score0.01304EPSS
Exploits0References6
ubuntucve
ubuntucve
added 2023/02/16 6:15 p.m.29 views

CVE-2023-23936

Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect host HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the headers.host string before passing to...

6.5CVSS6.8AI score0.01129EPSS
Exploits1References6
cve
cve
added 2023/02/16 5:30 p.m.322 views

CVE-2023-23936

CVE-2023-23936 affects the Node.js Fetch API: CRLF injection in host headers. Concretely, affected versions include Node.js packages prior to patch levels (e.g.,

6.5CVSS6.9AI score0.01129EPSS
Exploits1References4Affected Software2
debiancve
debiancve
added 2023/02/16 5:30 p.m.44 views

CVE-2023-23936

Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect host HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the headers.host string before passing to...

6.5CVSS6.9AI score0.01129EPSS
Exploits1
cvelist
cvelist
added 2023/02/16 5:30 p.m.40 views

CVE-2023-23936 CRLF Injection in Nodejs ‘undici’ via host

Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect host HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the headers.host string before passing to...

6.5CVSS7.2AI score0.01129EPSS
Exploits1References4
osv
osv
added 2023/02/16 5:30 p.m.26 views

CVE-2023-23936 CRLF Injection in Nodejs ‘undici’ via host

Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect host HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the headers.host string before passing to...

6.5CVSS6.9AI score0.01129EPSS
Exploits1References6
Rows per page
Query Builder