225 matches found
Security Bulletin: Node.js http-cache-semantics module is vulnerable to CVE-2022-25881 used in IBM Maximo Application Suite
Summary IBM Maximo Application Suite uses Node.js http-cache-semantics module which is vulnerable to CVE-2022-25881. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of service...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Node.js http-cache-semantics module (CVE-2022-25881)
Summary A vulnerability in Node.js http-cache-semantics module used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of service...
php: standard insecure cookie could be treated as a '__Host-' or '__Secure-' cookie by PHP applications
A vulnerability was found in PHP due to the way PHP handles HTTP variable names. It interferes with HTTP variable names that clash with ones that have a specific semantic meaning. This vulnerability allows network and same-site attackers to set a standard insecure cookie in the victim's browser,...
AlmaLinux 9 : nodejs:18 (ALSA-2023:2654)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2654 advisory. glob-parent: Regular Expression Denial of Service CVE-2021-35065 c-ares: buffer overflow in configsortlist due to missing string length check CVE-2022-490...
Moderate: Red Hat Security Advisory: nodejs and nodejs-nodemon security, bug fix, and enhancement update
An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability
A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...
http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability
A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...
Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16.19.1, nodejs-nodemon 2.0.20. Security Fixes: c-ares: buffer overflow in...
Moderate: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.0.8 security updates and bug fixes
Multicluster Engine for Kubernetes 2.0.8 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Node.js http-cache-semantics
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Node.js http-cache-semantics. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial ...
Moderate: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1.6 security updates and bug fixes
Multicluster Engine for Kubernetes 2.1.6 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Security Bulletin: Potential denial of service in IBM DataPower Gateway (CVE-2022-25881)
Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw. By sending a specially-crafted regex input using request header values, ...
SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2023:1942-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1942-1 advisory. Update to nodejs LTS version 16.20.0: Security fixes: - CVE-2022-25881: Fixed ReDoS vulnerability in http-cache-semantics bsc1208744. Tenabl...
SUSE SLES15 Security Update : nodejs16 (SUSE-SU-2023:1923-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1923-1 advisory. Update to nodejs LTS version 16.20.0: Security fixes: - CVE-2022-25881: Fixed ReDoS vulnerability in http-cache-semantics bsc1208744. Tenabl...
SUSE SLES15 / openSUSE 15 Security Update : nodejs16 (SUSE-SU-2023:1924-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1924-1 advisory. Update to nodejs LTS version 16.20.0: Security fixes: - CVE-2022-25881: Fixed ReDoS vulnerability in http-cache-semantics...
SUSE SLES15 / openSUSE 15 Security Update : nodejs12 (SUSE-SU-2023:1876-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1876-1 advisory. - CVE-2022-25881: Fixed regular expression denial of service vulnerability bsc1208744. Tenable has extracted the preceding...
SUSE: Security Advisory (SUSE-SU-2023:1923-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 / openSUSE 15 Security Update : nodejs14 (SUSE-SU-2023:1875-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1875-1 advisory. - CVE-2022-25881: Fixed regular expression denial of service vulnerability bsc1208744. Tenable has extracted the preceding...
SUSE SLES15 / openSUSE 15 Security Update : nodejs10 (SUSE-SU-2023:1871-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1871-1 advisory. - CVE-2022-25881: Fixed regular expression denial of service vulnerability bsc1208744. Tenable has extracted the preceding...
Security Bulletin: There is a security vulnerability in Node.js http-cache-semantics module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite (CVE-2022-25881)
Summary There is a security vulnerability in Node.js http-cache-semantics module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a...