CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Chainguard•added 2024/02/08 5:15 p.m.•31 views

CVE-2023-42282 vulnerabilities

Vulnerabilities for packages: sqlpad, lerna, node-gyp, npm, renovate...

9.8CVSS6.6AI score0.00652EPSS

OSV•added 2024/02/08 5:15 p.m.•2 views

AZL-35042 CVE-2023-42282 affecting package nodejs for versions less than 20.14.0-1

The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses such as 0x7f.1 are improperly categorized as globally routable via isPublic...

9.8CVSS6.7AI score0.00652EPSS

OSV•added 2024/02/08 5:15 p.m.•3 views

AZL-34379 CVE-2023-42282 affecting package nodejs for versions less than 16.20.2-3

The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses such as 0x7f.1 are improperly categorized as globally routable via isPublic...

9.8CVSS6.8AI score0.00652EPSS

Securelist•added 2024/02/08 10:0 a.m.•35 views

Coyote: A multi-stage banking Trojan abusing the Squirrel installer

The developers of banking Trojan malware are constantly looking for inventive ways to distribute theirs implants and infect victims. In a recent investigation, we encountered a new malware that specifically targets users of more than 60 banking institutions, mainly from Brazil. What caught our...

7.3AI score

Exploits0

OSV•added 2024/02/07 10:15 p.m.•3 views

AZL-35051 CVE-2024-24806 affecting package nodejs for versions less than 20.14.0-1

libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its windows counterpart src/win/getaddrinfo.c, truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be exploited to create addresses...

Wolfi•added 2024/02/07 10:15 p.m.•72 views

CVE-2024-24806 vulnerabilities

Vulnerabilities for packages: libuv, nodejs...

OSV•added 2024/02/07 10:15 p.m.•2 views

AZL-34278 CVE-2024-24806 affecting package nodejs18 for versions less than 18.18.2-4

Chainguard•added 2024/02/07 10:15 p.m.•93 views

CVE-2024-24806 vulnerabilities

Vulnerabilities for packages: nodejs, libuv...

RedHat Linux•added 2024/02/07 3:32 p.m.•45 views

Moderate: Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update

Migration Toolkit for Runtimes 1.2.4 release Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

7.5CVSS6.6AI score0.00598EPSS

Exploits1References3

IBM Security Bulletins•added 2024/02/02 10:47 a.m.•28 views

Security Bulletin: Multiple vulnerabilities in nodejs packages affect IBM Business Automation Workflow - CVE-2023-26159, CVE-2023-45857

Summary IBM Business Automation Workflow Workflow Center user interfaces package vulnerable versions of open source dependencies. Vulnerability Details CVEID:CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to conduct phishing attacks, caused by an open redirect...

7.3CVSS6.8AI score0.00179EPSS

Exploits2Affected Software1

OSV•added 2024/01/26 9:15 a.m.•2 views

AZL-33935 CVE-2024-0727 affecting package nodejs for versions less than 16.20.2-2

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates...

5.5CVSS6.5AI score0.00208EPSS

OpenVAS•added 2024/01/12 12:0 a.m.•28 views

Debian: Security Advisory (DSA-5589-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.8AI score0.01916EPSS

Exploits3References2

OSV•added 2024/01/11 3:15 a.m.•0 views

AZL-33349 CVE-2024-22195 affecting package nodejs18 for versions less than 18.20.3-3

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter can be abused t...

6.1CVSS6.7AI score0.00151EPSS

OSV•added 2024/01/09 5:15 p.m.•1 views

AZL-35044 CVE-2023-6129 affecting package nodejs for versions less than 20.14.0-1

Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...

6.5CVSS6.8AI score0.03331EPSS

OSSF Malicious Packages•added 2024/01/07 1:33 p.m.•3 views

Malicious code in dynatrace-oneagent-nodejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b38a3f821fef1b8ddca507f11dff965bc5dddb2e2bd7d952c3b6b19103c69c10 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score