
50 matches found

Tenable Nessus
added 2022/09/13 12:0 a.m. | 55 views

RHEL 8 : nodejs:16 (RHSA-2022:6449)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6449 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

CVSS 8.1 | AI score 7.5 | EPSS 0.77278
Exploits: 4 | References: 16

Tenable Nessus
added 2022/09/13 12:0 a.m. | 41 views

CentOS 8 : nodejs:14 (CESA-2022:6448)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2022:6448 advisory.
- nodejs: DNS rebinding in --inspect via invalid IP addresses (CVE-2022-32212)
- nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encodin...

CVSS 8.1 | AI score 7 | EPSS 0.77278
Exploits: 3 | References: 6

Tenable Nessus
added 2022/09/13 12:0 a.m. | 59 views

RHEL 8 : nodejs:14 (RHSA-2022:6448)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6448 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

CVSS 8.1 | AI score 7.1 | EPSS 0.77278
Exploits: 3 | References: 14

Tenable Nessus
added 2022/09/08 12:0 a.m. | 49 views

RHEL 7 : rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2022:6389)

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6389 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

CVSS 8.1 | AI score 7.1 | EPSS 0.77278
Exploits: 3 | References: 14

CNNVD
added 2020/12/24 12:0 a.m. | 5 views

Hyperledger Indy Node Data Forgery Issue Vulnerability

Indy Node is a distributed ledger implementation based on the indy-plenum Byzantine Fault Tolerance protocol from the Linux Foundation, USA. Versions of Hyperledger Indy prior to 1.12.4 suffer from a data forgery vulnerability that stems from the absence of transaction-specific signature...

CVSS 7.5 | AI score 7 | EPSS 0.00933
Exploits: 1 | References: 5

OSV
added 2020/09/02 3:42 p.m. | 15 views

GHSA-44VF-8FFM-V2QH Sensitive Data Exposure in rails-session-decoder

All versions of rails-session-decoder are missing verification of the Message Authentication Code appended to the cookies. This may lead to decryption of cipher text, thus exposing encrypted information.
Recommendation: No fix is currently available. Consider using an alternative module until a fix...

AI score 7.3
Exploits: 0 | References: 1

Huntr
added 2020/08/17 12:0 a.m. | 16 views

Insecure Storage of Sensitive Information in smirzaei/rails-session-decoder

Overview: rails-session-decoder is a simple utility for decoding Rails 4.x sessions in Node.js. This package is vulnerable to Information Exposure. Missing verification of the Message Authentication Code appended to the cookies may lead to decryption of cipher text, exposing encrypted information...

AI score 2.3
Exploits: 0 | References: 1

OpenVAS
added 2020/08/06 12:0 a.m. | 19 views

WordPress Elegant Themes Divi Theme 3.0 <= 4.5.2 Authenticated Arbitrary File Upload Vulnerability

The WordPress theme Divi by Elegant Themes is prone to an authenticated arbitrary file upload vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

CVSS 9.9 | AI score 8.8 | EPSS 0.02356
Exploits: 2 | References: 1

Cvelist
added 2018/06/08 5:0 p.m. | 25 views

CVE-2011-4190 Missing verification of host key for kdump server

The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this fl...

CVSS 5.9 | AI score 5 | EPSS 0.00779
Exploits: 0 | References: 2

CNVD
added 2017/12/21 12:0 a.m. | 2 views

Foxit Reader Field Object Alignment Property Remote Code Execution Vulnerability

Foxit Reader is a PDF document reader from China's Foxit Software Corporation. A remote code execution vulnerability exists in the alignment property of the Field object in Foxit Reader version 8.3.2.25013, which is caused when the program fails to adequately verify the existence of an object...

CVSS 8.8 | AI score 8.2 | EPSS 0.0259
Exploits: 0 | References: 1