Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.

Summary IBM Maximo Application Suite uses "serve-static-1.15.0.tgz, cookie-0.6.0.tgz, send-0.18.0.tgz, express-4.19.2.tgz, requests v2.25.1, idna v2.1" which are vulnerable to "CVE-2024-43800, CVE-2024-47764, CVE-2024-43799, CVE-2024-43796, CVE-2023-32681, CVE-2024-35195, CVE-2024-3651". This...

EUVD-2017-7851

Malware in sbrugna...

EUVD-2018-19482

Malware in sbrugna...

01-numacert (>=1.0.0 <=3.0.0), 02-infrastructure (=1.0.0) +24607 more potentially affected by CVE-2024-43799 via send (>=0.0.1 <=0.18.0)

send NPM version =0.0.1, =1.0.0, =1.0.0, =1.0.3, =0.1.0, =0.3.5 and more Source cves: CVE-2024-43799 Source advisory: OSV:GHSA-M6FV-JMCG-4JFG...

Code injection

An issue was discovered in the kekbit crate before 0.3.4 for Rust. For ShmWriter, Send is implemented without requiring H: Send...

Joyent Node.js send ROOT directory discovery vulnerability

Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability in Joyent Node.js send allows remote attackers to submit a special request to discover the root directory...

Root Path Disclosure

Overview Versions of send prior to 0.11.2 are affected by an information leakage vulnerability which may allow an attacker to enumerate paths on the server filesystem. Recommendation Update to version 0.11.1 or later. References - PR 70 - Express Changelog - 2015/01/20 - GitHub Advisory...

IBM AIX TCP Large Send Denial of Service Vulnerability

Binary data aixicmpechoreplydos.nbin...