CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Summary IBM Maximo Application Suite uses micromatch-4.0.5.tgz which is vulnerable to CVE-2024-4067. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js micromatch module is vulnerable to a denial of servic...

5.3CVSS6.2AI score0.00171EPSS

Exploits1Affected Software1

F5 Networks•added 2024/09/12 4:22 a.m.•33 views

K000141047: Multiple Node.js vulnerabilities

Security Advisory Description CVE-2024-22018 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API...

8.1CVSS7.1AI score0.00369EPSS

Exploits0

Tenable Nessus•added 2024/09/12 12:0 a.m.•14 views

CBL Mariner 2.0 Security Update: reaper (CVE-2024-42459)

The version of reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42459 advisory. - In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing...

5.3CVSS7.1AI score0.00131EPSS

Exploits1References2

BDU FSTEC•added 2024/09/12 12:0 a.m.•1 views

The vulnerability of the Node.js software platform, related to improper access control, allows a hacker to execute arbitrary code.

The vulnerability of the Node.js software platform is related to improper access control. Exploiting this vulnerability allows an attacker to execute arbitrary code...

6.5CVSS7.1AI score0.00133EPSS

Exploits0References7Affected Software6

OSV•added 2024/09/11 7:20 a.m.•18 views

BIT-NODE-2023-46809

Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/hkario/marvin/, if PCKS 1 v1.5 padding is allowed when performing RSA descryption using a privat...

7.4CVSS6.6AI score0.01239EPSS

Exploits0References4

RedhatCVE•added 2024/09/10 5:43 p.m.•35 views

CVE-2024-45590

A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprisi...

7.5CVSS7.1AI score0.01387EPSS

Exploits1References5

NVD•added 2024/09/10 4:15 p.m.•39 views

CVE-2024-45590

body-parser is Node.js body parsing middleware. body-parser 1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in...

7.5CVSS0.01387EPSS

Exploits1References2

Cvelist•added 2024/09/10 3:54 p.m.•30 views

CVE-2024-45590 body-parser vulnerable to denial of service when url encoding is enabled

7.5CVSS0.01387EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by