4309 matches found

vulnersOsv
added 2021/04/27 3:56 p.m. (1 view)

1-of (>=1.0.0 <=1.0.1), 3klesmanager-common (>=2.0.0 <=2.0.1) +5747 more potentially affected by CVE-2021-29469 via redis (>=2.6.1 <=3.1.0)

redis NPM version =2.6.1, =1.0.0, =2.0.0, =0.0.12, =0.0.12, =3.10.1, =1.0.0, =0.7.0, =1.0.0, =1.0.2, =1.2.1, =2.0.0, =1.0.0, =1.0.0, =2.1.8 and more Source cves: CVE-2021-29469 Source advisory: OSV:GHSA-35Q2-47Q7-3PC3...

CVSS 7.5 | AI score 6.9 | EPSS 0.00926
Exploits: 0

OpenVAS
added 2021/04/26 12:0 a.m. (4 views)

Fedora: Security Advisory for nodejs (FEDORA-2021-568b18102a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 | References: 2

OpenVAS
added 2021/04/24 12:0 a.m. (16 views)

openSUSE: Security Advisory for nodejs-underscore (openSUSE-SU-2021:0601-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.2 | AI score 5.9 | EPSS 0.01452
Exploits: 2 | References: 2

OSV
added 2021/04/23 10:46 a.m. (7 views)

OPENSUSE-SU-2021:0601-1 Security update for nodejs-underscore

This update for nodejs-underscore fixes the following issues: Update version to 1.13.1 Fix security issue boo1184800, CVE-2021-23358 Fix bugs Many new features...

CVSS 7.2 | AI score 7 | EPSS 0.01452
Exploits: 2 | References: 3

OSV
added 2021/04/23 12:15 a.m. (1 view)

AZL-45213 CVE-2021-31597 affecting package js-jquery 3.5.0-4

The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized when the property exists but is undefined is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected...

CVSS 9.4 | AI score 7.3 | EPSS 0.00183
Exploits: 1 | References: 1

OPENSUSE Linux
added 2021/04/23 12:0 a.m. (34 views)

Security update for nodejs-underscore (important)

openSUSE Security Update: Security update for nodejs-underscore Announcement ID: openSUSE-SU-2021:0601-1 Rating: important References: 1184800 Cross-References: CVE-2021-23358 CVSS scores: CVE-2021-23358 NVD : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.2 ...

CVSS 7.2 | AI score 6.9 | EPSS 0.01452
Exploits: 2 | References: 1

OpenVAS
added 2021/04/23 12:0 a.m. (3 views)

Fedora: Security Advisory for nodejs (FEDORA-2021-d934acdb42)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 | References: 2

ATTACKERKB
added 2021/04/18 6:40 p.m. (1 view)

CVE-2021-23379

This affects all versions of package portkiller. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...

CVSS 9.8 | AI score 5.8 | EPSS 0.00806
Exploits: 1 | References: 3

Snyk
added 2021/04/18 3:49 p.m. (1 view)

Arbitrary Command Injection

Overview: psnode is a Node.js KISS module to list and kill processes on OSX and Windows. Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands...

CVSS 9.8 | AI score 7.5 | EPSS 0.00806
Exploits: 1 | References: 2

Tenable Nessus
added 2021/04/15 12:0 a.m. (66 views)

RHEL 8 : RHV Manager (ovirt-engine) 4.4.z [ovirt-4.4.5] security, (Moderate) (RHSA-2021:1169)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1169 advisory. The ovirt-engine package provides the manager for virtualization environments. This manager enables admins to define hosts and networks, as...

CVSS 7.5 | AI score 7.3 | EPSS 0.01228
Exploits: 3 | References: 41

RedHat Linux
added 2021/04/14 4:34 p.m. (2 views)

nodejs-bootstrap-select: not escaping title values on <option> may lead to XSS

bootstrap-select before 1.13.6 allows Cross-Site Scripting XSS. It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser...

CVSS 6.1 | AI score 6 | EPSS 0.00545
Exploits: 0 | References: 6

RedHat Linux
added 2021/04/14 4:34 p.m. (75 views)

Moderate: Red Hat Security Advisory: RHV Manager (ovirt-engine) 4.4.z [ovirt-4.4.5] 0-day security, bug fix, enhance

An update for org.ovirt.engine-root, ovirt-engine-ui-extensions, and ovirt-web-ui is now available for Red Hat Virtualization Engine 4.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...

CVSS 7.5 | AI score 6.5 | EPSS 0.01228
Exploits: 2 | References: 8

NVD
added 2021/04/13 7:15 p.m. (13 views)

CVE-2021-23280

Eaton Intelligent Power Manager IPM prior to 1.69 is vulnerable to authenticated arbitrary file upload vulnerability. IPM’s mapssrv.js allows an attacker to upload a malicious NodeJS file using uploadBackgroud action. An attacker can upload a malicious code or execute any command using a speciall...

CVSS 9.9 | EPSS 0.00153
Exploits: 0 | References: 1

Prion
added 2021/04/13 7:15 p.m. (14 views)

Privilege escalation

Eaton Intelligent Power Manager IPM prior to 1.69 is vulnerable to authenticated arbitrary file upload vulnerability. IPM’s mapssrv.js allows an attacker to upload a malicious NodeJS file using uploadBackgroud action. An attacker can upload a malicious code or execute any command using a speciall...

CVSS 6.5 | AI score 9.5 | EPSS 0.00153
Exploits: 0 | References: 1 | Affected Software: 3

Cvelist
added 2021/04/13 6:4 p.m. (14 views)

CVE-2021-23280 Arbitrary File upload

Eaton Intelligent Power Manager IPM prior to 1.69 is vulnerable to authenticated arbitrary file upload vulnerability. IPM’s mapssrv.js allows an attacker to upload a malicious NodeJS file using uploadBackgroud action. An attacker can upload a malicious code or execute any command using a speciall...

CVSS 8 | AI score 9.8 | EPSS 0.00153
Exploits: 0 | References: 1

OSV
added 2021/04/13 3:19 p.m. (1 view)

GHSA-45W5-PVR8-4RH5 Command injection in eslint-fixer

The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The ozum/eslint-fixer GitHub repository has been intentionally deleted...

CVSS 9.8 | AI score 7 | EPSS 0.0627
Exploits: 1 | References: 3

RedHat Linux
added 2021/04/13 4:30 a.m. (100 views)

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.2.2 security and bug fix update

Red Hat Advanced Cluster Management for Kubernetes 2.2.2 General Availability release images, which fix several bugs and security issues. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

CVSS 10 | AI score 6.5 | EPSS 0.04314
Exploits: 6 | References: 15

RedhatCVE
added 2021/04/12 9:16 p.m. (41 views)

CVE-2021-23369

A flaw was found in nodejs-handlebars. A missing check when getting prototype properties in the template function allows an attacker, who can provide untrusted handlebars templates, to execute arbitrary code in the javascript system e.g. browser or server when the template is compiled with the...

CVSS 9.8 | AI score 5 | EPSS 0.03582
Exploits: 2 | References: 3

OSV
added 2021/04/07 11:2 a.m. (2 views)

OESA-2021-1099 c-ares security update

This is c-ares, an asynchronous resolver library. It is intended for applications which need to perform DNS queries without blocking, or need to perform multiple. Security Fixes: A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Deni...

CVSS 7.5 | AI score 6.9 | EPSS 0.58883
Exploits: 0 | References: 2

Packet Storm
added 2021/04/07 12:0 a.m. (804 views)

Monospace Directus Headless CMS File Upload / Rule Bypass

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Arbitrary File Upload and Bypassing .htaccess Rules product: Monospace Directus Headless CMS vulnerable version: v8.8.2 fixed version: v8.8.2, v9 is not affected because ...

AI score 0.3 | EPSS 0.06595
Exploits: 3