ROOT-APP-NPM-CVE-2022-37599 CVE-2022-37599 in @rootio/loader-utils - Patched by Root

Root has patched CVE-2022-37599 in the @rootio/loader-utils package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2022-37603 CVE-2022-37603 in @rootio/loader-utils - Patched by Root

Root has patched CVE-2022-37603 in the @rootio/loader-utils package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2022-37601 CVE-2022-37601 in @rootio/loader-utils - Patched by Root

Root has patched CVE-2022-37601 in the @rootio/loader-utils package for Root:npm. Multiple fixed versions available...

Atlassian Confluence 9.0.1 < 9.2.1 / 9.3.x < 9.4.0 / 9.5.x < 9.5.1 / 10.0.x < 10.0.2 / 10.1.0 / 10.2.0 (CONFSERVER-101573)

The version of Atlassian Confluence Server running on the remote host is affected by a denial of service vulnerability as referenced in the CONFSERVER-101573 advisory. - A Regular expression denial of service ReDoS flaw was found in Function interpolateName in interpolateName.js in webpack...

Atlassian Confluence 9.0.1 < 9.2.1 / 9.3.1 < 9.4.0 / 9.5.x < 9.5.1 / 10.0.x < 10.0.2 / 10.1.0 / 10.2.0 (CONFSERVER-101574)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101574 advisory. - Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This...

EUVD-2022-7006

Malicious code in bioql PyPI...

Security Bulletin: IBM Cloud Pak for Data is vulnerable to to prototype pollution due to webpack loader-utils ( CVE-2022-37601 )

Summary Potential vulnerabilities in webpack loader-utils module has been identified that may affect IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-37601 DESCRIPTION: Prototype pollution vulnerability in function parseQuery in parseQuery....

Linux Distros Unpatched Vulnerability : CVE-2022-37601

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all...

RHEL 9 : pcs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - loader-utils: prototype pollution in function parseQuery in parseQuery.js CVE-2022-37601 - A vulnerabilit...

RHEL 8 : pcs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl CVE-2021-23362 ...

RHEL 9 : pcs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - async: Prototype Pollution in async CVE-2021-43138 - The glob-parent package before 6.0.1 for Node.js...

RHEL 8 : pcs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ejs: server-side template injection in outputFunctionName CVE-2022-29078 - The package handlebars before...

RHEL 6 : loader-utils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - loader-utils: prototype pollution in function parseQuery in parseQuery.js CVE-2022-37601 - A Regular...

RHEL 7 : loader-utils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - loader-utils: prototype pollution in function parseQuery in parseQuery.js CVE-2022-37601 - A Regular...

Fedora 38 : yarnpkg (2024-5ecc250449)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5ecc250449 advisory. Update to 1.22.21, add fixes for CVE-2022-37599, CVE-2023-26136, CVE-2023-46234. Tenable has extracted the preceding description block directly from...

loader-utils: prototype pollution in function parseQuery in parseQuery.js

A prototype pollution vulnerability was found in the parseQuery function in parseQuery.js in the webpack loader-utils via the name variable in parseQuery.js. This flaw can lead to a denial of service or remote code execution...

loader-utils: prototype pollution in function parseQuery in parseQuery.js

A prototype pollution vulnerability was found in the parseQuery function in parseQuery.js in the webpack loader-utils via the name variable in parseQuery.js. This flaw can lead to a denial of service or remote code execution...

Important: Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.4 security update

An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which provides a detailed severity rating, is available for each vulnerability from th...

Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities

Summary IBM has addressed multiple vulnerabilities in IBM Spectrum Discover. Webpack loader-utils CVE-2022-37601 is vulnerable to execute arbitrary code on the system caused by a pollution flaw in parseQuery function. OpenStack Keystone CVE-2021-3563 is vulnerable to bypass security restriction...

Moderate: Red Hat Security Advisory: Migration Toolkit for Runtimes security update

Migration Toolkit for Runtimes 1.1.0 release Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...