CVE-2020-26311
Useragent is a user agent parser for Node.js. All versions as of time of publication contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no patches are available...
CVE-2020-26311
The CVE-2020-26311 entry concerns the Node.js Useragent parser. The connected sources confirm a Regular Expression Denial of Service (ReDoS) vulnerability caused by one or more regular expressions within the useragent package, affecting all versions at the time of publication. The impact is ...
CVE-2020-26311 GHSL-2020-312: Regular Expression Denial of Service (ReDoS) in useragent
Useragent is a user agent parser for Node.js. All versions as of time of publication contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no patches are available...
Security Bulletin: IBM Datapower Operations Dashboard could allow remote attacker to execute arbitrary commands on the system CVE-2017-16100
Summary: dns-sync is used by the IBM Datapower Operations Dashboard implementation of networking operations. Vulnerability Details: CVEID: CVE-2017-16100. DESCRIPTION: Node.js dns-sync module could allow a remote attacker to execute arbitrary commands on the system, caused by the improper validation o...
RHSA-2024:1444 Red Hat Security Advisory: nodejs:16 security update
Bulletin has no description...
RHSA-2023:5362 Red Hat Security Advisory: nodejs:18 security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2023:1742 Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2023:0050 Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2022:9073 Red Hat Security Advisory: nodejs:16 security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2022:0350 Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update
Bulletin has no description...
RHEA-2022:5615 Red Hat Enhancement Advisory: nodejs:12 bug fix and enhancement update
Bulletin has no description...
RHSA-2024:1510 Red Hat Security Advisory: nodejs:18 security update
Bulletin has no description...
RHSA-2024:1880 Red Hat Security Advisory: nodejs:18 security update
Bulletin has no description...
CVE-2024-48930
secp256k1-node is a Node.js binding for an Optimized C library for EC operations on curve secp256k1. In elliptic-based version, loadUncompressedPublicKey has a check that the public key is on the curve. Prior to versions 5.0.1, 4.0.4, and 3.8.1, however, loadCompressedPublicKey is missing that...
Security Bulletin: IBM Cognos Analytics Mobile (Android) is affected by multiple vulnerabilities
Summary: There are vulnerabilities in Open Source Software (OSS) libraries consumed by IBM Cognos Analytics Mobile. These issues have been addressed by upgrading or removing the vulnerable libraries. Additionally, vulnerabilities related to CORS misconfiguration and Certificate Pinning have been...
Security Bulletin: IBM Cognos Analytics Mobile (iOS) is affected by multiple vulnerabilities
Summary: There are vulnerabilities in Open Source Software (OSS) libraries consumed by IBM Cognos Analytics Mobile. These issues have been addressed by upgrading or removing the vulnerable libraries. Additionally, vulnerabilities related to CORS misconfiguration and Certificate Pinning have been...
CVE-2024-48930 secp256k1-node vulnerable to private key extraction over ECDH
secp256k1-node is a Node.js binding for an Optimized C library for EC operations on curve secp256k1. In elliptic-based version, loadUncompressedPublicKey has a check that the public key is on the curve. Prior to versions 5.0.1, 4.0.4, and 3.8.1, however, loadCompressedPublicKey is missing that...
CVE-2024-48930
CVE-2024-48930 affects secp256k1-node (elliptic-based build) where loadCompressedPublicKey fails to validate public keys on the curve, enabling an attacker to derive a private key after as few as 11 ECDH sessions. Reports note that publicKeyVerify() can misreport invalid keys as valid, and public...