53 matches found
EUVD-2017-0303
Malware in sbrugna...
EUVD-2018-0448
Malware in sbrugna...
EUVD-2017-0244
Malware in sbrugna...
EUVD-2019-0270
Malware in sbrugna...
EUVD-2019-0239
Malware in sbrugna...
Security Bulletin: IBM App Connect Enterprise is vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition due to Node.js module snowflake ( CVE-2025-46328 )
Summary: IBM App Connect Enterprise Discovery Connectors is vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition due to Node.js module snowflake. Vulnerability Details: CVEID: CVE-2025-46328. DESCRIPTION: snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions starting from 1.10...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service [CVE-2025-47279]
Summary Node.js module undici is used by IBM App Connect Enterprise Certified Container for HTTP communications. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service. This bulletin provides patch information to addres...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use the Snowflake connector are vulnerable to improper preservation of permissions [CVE-2025-24791]
Summary Node.js module snowflake-sdk is used by IBM App Connect Enterprise Certified Container for connecting to Snowflake. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that run flows containing the Snowflake connector are vulnerable to improper...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service, SSRF and credential leakage [CVE-2025-27152, CVE-2025-27789, CVE-2025-32996, CVE-2025-32997]
Summary Node.js modules axios and http-proxy-middleware are used by IBM App Connect Enterprise Certified Container for HTTP communications. Node.js module Babel is used for internal code generation. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service, SSRF...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to cross-site scripting [CVE-2025-26791]
Summary: Node.js module DOMPurify is used by IBM App Connect Enterprise Certified Container DesignerAuthoring operands. DesignerAuthoring operands are vulnerable to cross-site scripting. This bulletin provides patch information to address the reported vulnerability in Node.js module DOMPurify...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2024-55565]
Summary Node.js module nanoid is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Node.js module nanoid...
Azure Linux 3.0 Security Update: ntopng / reaper (CVE-2017-18214)
The version of ntopng / reaper installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2017-18214 advisory. - The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via ...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2024-52798]
Summary: Node.js module path-to-regexp is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Node.js module...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to use of insufficient random values [CVE-2025-22150]
Summary Node.js module undici is used by IBM App Connect Enterprise Certified Container for http calls. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationServer and IntegrationRuntime operands are vulnerable to use of insufficient random values. This bulletin provides...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js module ws (CVE-2024-37890)
Summary: IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js module ws. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2024-37890. DESCRIPTION: Node.js ws module is vulnerable to a denial of service, caused by a NU...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attack due to the node.js module follow-redirects and Express.js (CVE-2024-28849, CVE-2024-29041)
Summary: IBM App Connect Enterprise is vulnerable to a remote attack due to Node.js module follow-redirects and Express.js. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2024-28849. DESCRIPTION: Node.js follow-redirects module could allow...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality due to [CVE-2024-28849]
Summary Node.js module follow-redirects is used by IBM App Connect Enterprise Certified Container for http communications. IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported...
Security Bulletin: IBM App Connect Enterprise Certified Container flows using Box are vulnerable to loss of confidentiality due to [CVE-2024-24758]
Summary Node.js module undici is used by IBM App Connect Enterprise Certified Container for communicating with Box in the Box connector. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that run flows using the Box connector are vulnerable to loss o...
Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js Module._load() module (CVE-2023-32002)
Summary: This security vulnerability affects a required Node.js module within IBM Event Streams UI component. CVE-2023-32002. Vulnerability Details: CVEID: CVE-2023-32002. DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by the use of Module.load. By sending a...
CVE-2023-39532 SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution
SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, and 0.13.0 prior to 0.13.5, there is a hole in the confinement of...