50 matches found
RHEL 8 : nodejs:16 (RHSA-2022:6449)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6449 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
CentOS 8 : nodejs:14 (CESA-2022:6448)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2022:6448 advisory. - nodejs: DNS rebinding in --inspect via invalid IP addresses CVE-2022-32212 - nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encodin...
RHEL 8 : nodejs:14 (RHSA-2022:6448)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6448 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
RHEL 7 : rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2022:6389)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6389 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Hyperledger Indy Node Data Forgery Issue Vulnerability
Indy Node is a distributed Ledger implementation based on indy-plenum Byzantine Fault Tolerance Protocol from the Linux Foundation, USA. Versions of Hyperledger Indy prior to 1.12.4 suffer from a data forgery issue vulnerability that stems from the absence of transaction-specific signature...
GHSA-44VF-8FFM-V2QH Sensitive Data Exposure in rails-session-decoder
All versions of rails-session-decoder are missing verification of the Message Authentication Code appended to the cookies. This may lead to decryption of cipher text thus exposing encrypted information. Recommendation No fix is currently available. Consider using an alternative module until a fix...
Insecure Storage of Sensitive Information in smirzaei/rails-session-decoder
Overview rails-session-decoder is a simple utility for decoding Rails 4.x sessions in Node.js, this package are vulnerable to Information Exposure. Missing verification of the Message Authentication Code appended to the cookies may lead to decryption of cipher text, exposing encrypted information...
WordPress Elegant Themes Divi Theme 3.0 <= 4.5.2 Authenticated Arbitrary File Upload Vulnerability
The WordPress theme Divi by Elegant Themes is prone to an authenticated arbitrary file upload vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
CVE-2011-4190 Missing verification of host key for kdump server
The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this fl...
Foxit Reader Field Object Alignment Property Remote Code Execution Vulnerability
Foxit Reader is China's Foxit Foxit Software Corporation, a PDF document reader. A remote code execution vulnerability exists in the alignment property of the Field object in Foxit Reader version 8.3.2.25013, which is caused when the program fails to adequately verify the existence of an object...