Lucene search
K

225 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/06/05 7:33 p.m.32 views

Security Bulletin: Node.js http-cache-semantics module is vulnerable to CVE-2022-25881 used in IBM Maximo Application Suite

Summary IBM Maximo Application Suite uses Node.js http-cache-semantics module which is vulnerable to CVE-2022-25881. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of service...

7.5CVSS6.8AI score0.01613EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/17 7:33 p.m.42 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Node.js http-cache-semantics module (CVE-2022-25881)

Summary A vulnerability in Node.js http-cache-semantics module used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of service...

7.5CVSS6.7AI score0.01613EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2023/05/16 9:8 a.m.4 views

php: standard insecure cookie could be treated as a '__Host-' or '__Secure-' cookie by PHP applications

A vulnerability was found in PHP due to the way PHP handles HTTP variable names. It interferes with HTTP variable names that clash with ones that have a specific semantic meaning. This vulnerability allows network and same-site attackers to set a standard insecure cookie in the victim's browser,...

6.5CVSS7.3AI score0.49336EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2023/05/13 12:0 a.m.41 views

AlmaLinux 9 : nodejs:18 (ALSA-2023:2654)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2654 advisory. glob-parent: Regular Expression Denial of Service CVE-2021-35065 c-ares: buffer overflow in configsortlist due to missing string length check CVE-2022-490...

8.6CVSS7.1AI score0.02209EPSS
Exploits5References9
RedHat Linux
RedHat Linux
added 2023/05/09 11:51 a.m.55 views

Moderate: Red Hat Security Advisory: nodejs and nodejs-nodemon security, bug fix, and enhancement update

An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.6CVSS6.9AI score0.02023EPSS
Exploits4References8
RedHat Linux
RedHat Linux
added 2023/05/09 11:51 a.m.3 views

http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability

A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...

7.5CVSS7.1AI score0.01613EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2023/05/09 11:51 a.m.2 views

http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability

A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server...

7.5CVSS7.1AI score0.01613EPSS
Exploits1References4
AlmaLinux
AlmaLinux
added 2023/05/09 12:0 a.m.67 views

Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 16.19.1, nodejs-nodemon 2.0.20. Security Fixes: c-ares: buffer overflow in...

8.6CVSS7.8AI score0.02023EPSS
Exploits3References14
RedHat Linux
RedHat Linux
added 2023/05/03 3:32 p.m.37 views

Moderate: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.0.8 security updates and bug fixes

Multicluster Engine for Kubernetes 2.0.8 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

7.5CVSS6.7AI score0.01613EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/02 9:46 p.m.34 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Node.js http-cache-semantics

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Node.js http-cache-semantics. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial ...

7.5CVSS6.7AI score0.01613EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2023/05/01 6:24 p.m.32 views

Moderate: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1.6 security updates and bug fixes

Multicluster Engine for Kubernetes 2.1.6 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

7.5CVSS6.7AI score0.01613EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/01 1:30 p.m.45 views

Security Bulletin: Potential denial of service in IBM DataPower Gateway (CVE-2022-25881)

Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw. By sending a specially-crafted regex input using request header values, ...

7.5CVSS6.7AI score0.01613EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/04/24 12:0 a.m.24 views

SUSE SLES12 Security Update : nodejs16 (SUSE-SU-2023:1942-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1942-1 advisory. Update to nodejs LTS version 16.20.0: Security fixes: - CVE-2022-25881: Fixed ReDoS vulnerability in http-cache-semantics bsc1208744. Tenabl...

7.5CVSS6.9AI score0.01613EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/04/21 12:0 a.m.31 views

SUSE SLES15 Security Update : nodejs16 (SUSE-SU-2023:1923-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1923-1 advisory. Update to nodejs LTS version 16.20.0: Security fixes: - CVE-2022-25881: Fixed ReDoS vulnerability in http-cache-semantics bsc1208744. Tenabl...

7.5CVSS6.9AI score0.01613EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/04/21 12:0 a.m.23 views

SUSE SLES15 / openSUSE 15 Security Update : nodejs16 (SUSE-SU-2023:1924-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1924-1 advisory. Update to nodejs LTS version 16.20.0: Security fixes: - CVE-2022-25881: Fixed ReDoS vulnerability in http-cache-semantics...

7.5CVSS6.9AI score0.01613EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/04/20 12:0 a.m.25 views

SUSE SLES15 / openSUSE 15 Security Update : nodejs12 (SUSE-SU-2023:1876-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1876-1 advisory. - CVE-2022-25881: Fixed regular expression denial of service vulnerability bsc1208744. Tenable has extracted the preceding...

7.5CVSS6.9AI score0.01613EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2023/04/20 12:0 a.m.20 views

SUSE: Security Advisory (SUSE-SU-2023:1923-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.01613EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/04/20 12:0 a.m.21 views

SUSE SLES15 / openSUSE 15 Security Update : nodejs14 (SUSE-SU-2023:1875-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1875-1 advisory. - CVE-2022-25881: Fixed regular expression denial of service vulnerability bsc1208744. Tenable has extracted the preceding...

7.5CVSS6.9AI score0.01613EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2023/04/18 12:0 a.m.32 views

SUSE SLES15 / openSUSE 15 Security Update : nodejs10 (SUSE-SU-2023:1871-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1871-1 advisory. - CVE-2022-25881: Fixed regular expression denial of service vulnerability bsc1208744. Tenable has extracted the preceding...

7.5CVSS6.9AI score0.01613EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/17 1:11 p.m.62 views

Security Bulletin: There is a security vulnerability in Node.js http-cache-semantics module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite (CVE-2022-25881)

Summary There is a security vulnerability in Node.js http-cache-semantics module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a...

7.5CVSS6.9AI score0.01613EPSS
Exploits1Affected Software1
Rows per page
Query Builder