
16597 matches found

F5 Networks
added 2023/10/02 8:54 p.m. | 45 views

K000137093: Node.js vulnerabilities CVE-2018-7167, CVE-2018-12115, and CVE-2018-12116

Security Advisory Description CVE-2018-7167 Calling Buffer.fill or Buffer.alloc with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc and Buffer.fill were updated so that they zero fill instea...

7.5 CVSS | 7.4 AI score | 0.08028 EPSS
Exploits 0 | Affected Software 13
NVD
added 2023/10/02 8:15 p.m. | 17 views

CVE-2023-43890

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request...

8.8 CVSS | 8.8 AI score | 0.02542 EPSS
Exploits 1 | References 1
Prion
added 2023/10/02 8:15 p.m. | 17 views

Command injection

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request...

6.5 CVSS | 8.8 AI score | 0.02542 EPSS
Exploits 1 | References 1 | Affected Software 1
Veracode
added 2023/10/02 4:25 p.m. | 25 views

Heap-based Buffer Overflow

vim is vulnerable to Heap-based Buffer Overflow. An attacker could exploit this vulnerability by tricking a user into opening a malicious file or by sending a specially crafted HTTP request to a vulnerable Vim server. Once the vulnerability is exploited, the attacker could take control of the...

7.8 CVSS | 7.1 AI score | 0.00606 EPSS
Exploits 1 | References 6 | Affected Software 1
Tenable Nessus
added 2023/10/02 12:0 a.m. | 71 views

F5 Networks BIG-IP : Node.js vulnerabilities (K000137093)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.6 / 17.1.2.2 / 17.5.0. It is, therefore, affected by multiple vulnerabilities as referenced in the K000137093 advisory. CVE-2018-7167 Calling Buffer.fill or Buffer.alloc with some parameters can lead to a hang which...

7.5 CVSS | 6.9 AI score | 0.08028 EPSS
Exploits 0 | References 4
Cvelist
added 2023/10/02 12:0 a.m. | 21 views

CVE-2023-43890

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request...

9 AI score | 0.02542 EPSS
Exploits 1 | References 1
CVE
added 2023/10/02 12:0 a.m. | 47 views

CVE-2023-43890

CVE-2023-43890 affects Netis N3Mv2-V1.0.1.865. The vulnerability is a command injection in the device’s diagnostic tools page that can be exploited via a crafted HTTP request. According to the provided documents, exploitability is network-based with low privileges required and no user interaction...

8.8 CVSS | 8.7 AI score | 0.02542 EPSS
Exploits 1 | References 1 | Affected Software 1
Vulnrichment
added 2023/10/02 12:0 a.m. | 10 views

CVE-2023-43890

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request...

7.8 AI score | 0.02542 EPSS
Exploits 1 | References 1
IBM Security Bulletins
added 2023/09/29 8:6 a.m. | 47 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from go-toolset and amicontained

Summary Multiple issues were identified in Red Hat UBI packages go-toolset and amicontained that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID:CVE-2020-29652 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a NUL...

7.5 CVSS | 8.6 AI score | 0.03228 EPSS
Exploits 2 | Affected Software 1
NVD
added 2023/09/28 8:15 p.m. | 26 views

CVE-2023-43323

mooSocial 3.1.8 is vulnerable to external service interaction on post function. When executed, the server sends a HTTP and DNS request to external server. The Parameters effected are multiple - messageText, datawallphoto, datauserShareVideo and datauserShareLink...

6.5 CVSS | 6.5 AI score | 0.0186 EPSS
Exploits 2 | References 1
Prion
added 2023/09/28 8:15 p.m. | 21 views

Design/Logic Flaw

mooSocial 3.1.8 is vulnerable to external service interaction on post function. When executed, the server sends a HTTP and DNS request to external server. The Parameters effected are multiple - messageText, datawallphoto, datauserShareVideo and datauserShareLink...

6.4 CVSS | 6.5 AI score | 0.0186 EPSS
Exploits 2 | References 1 | Affected Software 1
Vulnrichment
added 2023/09/28 12:0 a.m. | 13 views

CVE-2023-43323

mooSocial 3.1.8 is vulnerable to external service interaction on post function. When executed, the server sends a HTTP and DNS request to external server. The Parameters effected are multiple - messageText, datawallphoto, datauserShareVideo and datauserShareLink...

6.8 AI score | 0.0186 EPSS
Exploits 2 | References 1
Cvelist
added 2023/09/28 12:0 a.m. | 27 views

CVE-2023-43323

mooSocial 3.1.8 is vulnerable to external service interaction on post function. When executed, the server sends a HTTP and DNS request to external server. The Parameters effected are multiple - messageText, datawallphoto, datauserShareVideo and datauserShareLink...

6.7 AI score | 0.0186 EPSS
Exploits 2 | References 1
CVE
added 2023/09/28 12:0 a.m. | 73 views

CVE-2023-43323

CVE-2023-43323 affects mooSocial 3.1.8. The vulnerability is external service interaction in the post function, where requests to external servers may be triggered via parameters messageText, data[wall_photo], data[userShareVideo], and data[userShareLink]. The issue has a documented PoC/exploit p...

6.5 CVSS | 6.4 AI score | 0.0186 EPSS
Exploits 2 | References 1 | Affected Software 1
IBM Security Bulletins
added 2023/09/27 9:8 p.m. | 48 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Node.js

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Node.js. Vulnerability Details CVEID:CVE-2023-30582 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by the failure to restrict file watching through the...

7.7 CVSS | 7.8 AI score | 0.03906 EPSS
Exploits 2 | Affected Software 1
Cvelist
added 2023/09/27 5:12 p.m. | 19 views

CVE-2023-20034

Vulnerability in the Elasticsearch database used in the of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. These vulnerability is due to the presen...

7.5 CVSS | 7.8 AI score | 0.00589 EPSS
Exploits 0 | References 1
Ubuntu
added 2023/09/27 11:51 a.m. | 64 views

USN-6399-1: Puma vulnerability

It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP request Smuggling attack...

9.8 CVSS | 6.5 AI score | 0.00738 EPSS
Exploits 0
Ubuntu
added 2023/09/27 9:39 a.m. | 66 views

USN-6398-1: ReadyMedia vulnerabilities

It was discovered that ReadyMedia was vulnerable to DNS rebinding attacks. A remote attacker could possibly use this issue to trick the local DLNA server to leak information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2022-26505 It was...

9.8 CVSS | 7.8 AI score | 0.02061 EPSS
Exploits 2
Tenable Nessus
added 2023/09/27 12:0 a.m. | 30 views

Amazon Linux 2 : squid (ALASSQUID4-2023-006)

The version of squid installed on the remote host is prior to 4.13-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2SQUID4-2023-006 advisory. A flaw was found in squid. Due to incorrect data validation, a HTTP Request Smuggling attack against HTTP and HTTPS...

8.6 CVSS | 6.7 AI score | 0.05162 EPSS
Exploits 0 | References 8
Tenable Nessus
added 2023/09/27 12:0 a.m. | 31 views

Ubuntu 23.04 : Puma vulnerability (USN-6399-1)

The remote Ubuntu 23.04 host has a package installed that is affected by a vulnerability as referenced in the USN-6399-1 advisory. It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP request Smuggling attack...

9.8 CVSS | 6.5 AI score | 0.00738 EPSS
Exploits 0 | References 2