7925 matches found
Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data
Summary: IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...
CVE-2024-38355
Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. This issue is fixed by commit 15af22fc22 which has been included in...
CVE-2024-38355 Unhandled 'error' event in socket.io
Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. This issue is fixed by commit 15af22fc22 which has been included in...
CVE-2024-38355
Socket.IO vulnerability CVE-2024-38355 involves an unhandled 'error' event that can trigger an uncaught exception on the Socket.IO server, potentially killing a Node.js process and enabling a denial-of-service condition. Official details state a fix is included in [email protected] (May 2023) and b...
Socket.IO Security Vulnerability
Socket.IO is a JavaScript library for real-time web applications from Socket.IO. A security vulnerability exists in Socket.IO that stems from a specially crafted Socket.IO packet that could trigger an uncaught exception on the server, terminating the Node.js process...
CVE-2024-37890
ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] e55e510 and backported to [email protected] 22c2876, [email protected] eeb76d3, and [email protected]...
Security Bulletin: A remote execution vulnerability in Node.js affects IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition
Summary: Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition. A remote execution of arbitrary commands vulnerability affecting Node.js has been published in this security bulletin. This bulletin...
CVE-2024-37890 Denial of service when handling a request with many HTTP headers in ws
ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] e55e510 and backported to [email protected] 22c2876, [email protected] eeb76d3, and [email protected]...
CVE-2024-37890
The CVE-2024-37890 entry concerns the ws WebSocket library for Node.js. In vulnerable releases, a request containing more headers than server.maxHeadersCount can crash a ws server. The issue has been fixed in [email protected] and backported to [email protected], [email protected], and [email protected]. Remediation/mitigation av...
Security Bulletin: IBM Maximo Application Suite uses jose-2.0.6.tgz which is vulnerable to CVE-2024-28176.
Summary: Security Bulletin: IBM Maximo Application Suite uses jose-2.0.6.tgz which is vulnerable to CVE-2024-28176. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID: CVE-2024-28176 DESCRIPTION: Node.js jose module is vulnerable to a denial ...
Security Bulletin: IBM Maximo Application Suite uses follow-redirects-1.15.4.tgz which is vulnerable to CVE-2024-28849
Summary: IBM Maximo Application Suite uses follow-redirects-1.15.4.tgz which is vulnerable to CVE-2024-28849. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID: CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote...
OPENSUSE-SU-2024:13020-1 nodejs-electron-22.3.14-1.1 on GA media
These are all security issues fixed in the nodejs-electron-22.3.14-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13560-1 nodejs-electron-27.2.1-1.1 on GA media
These are all security issues fixed in the nodejs-electron-27.2.1-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13924-1 nodejs-electron-29.3.2~20240430g19f0abd6-1.1 on GA media
These are all security issues fixed in the nodejs-electron-29.3.2~20240430g19f0abd6-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11095-1 nodejs-underscore-1.13.1-1.3 on GA media
These are all security issues fixed in the nodejs-underscore-1.13.1-1.3 package on the GA media of openSUSE Tumbleweed...