127 matches found
RHEL 7 : kibana (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-ua-parser-js: Regular expression denial of service via the regex CVE-2020-7733 Note that Nessus has not test...
RHEL 7 : nodejs-ua-parser-js (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs-ua-parser-js: ReDoS in multiple regexes CVE-2020-7793 - The package ua-parser-js before 0.7.22 are...
Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities
Summary IBM has addressed multiple vulnerabilities in IBM Spectrum Discover. Webpack loader-utils CVE-2022-37601 is vulnerable to execute arbitrary code on the system caused by a pollution flaw in parseQuery function. OpenStack Keystone CVE-2021-3563 is vulnerable to bypass security restriction...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Node.js ua-parser-js
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Node.js ua-parser-js. Vulnerability Details CVEID:CVE-2022-25927 DESCRIPTION: Node.js ua-parser-js module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to the ua-parser-js module (CVE-2022-25927)
Summary IBM App Connect Enterprise is vulnerable to a denial of service due to the ua-parser-js module in the electron app CVE-2022-25927. Electron is used for Discovery Connectors in IBM App Connect Enterprise. The latest fixpack includes ua-parser-js =v1.0.33 Vulnerability Details...
Security Bulletin: There is a security vulnerability in Node.js ua-parser-js module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite (CVE-2022-25927)
Summary There is a security vulnerability in Node.js ua-parser-js module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite Vulnerability Details CVEID:CVE-2022-25927 DESCRIPTION: Node.js ua-parser-js module is vulnerable to a denial of service, caused by a regular expression...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to denial of service due to [CVE-2022-25927]
Summary Node.js module ua-parser-js is used by IBM App Connect Enterprise Certified Container DesignerAuthoring instances. IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to denial of service. This bulletin provides patch information to address the...
CVE-2022-25927
A flaw was found in ua-parser-js. This issue could allow a malicious user to trigger a regular expression denial of service ReDoS via the trim function...
CVE-2022-25927
Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service ReDoS via the trim function...
DEBIAN-CVE-2022-25927
Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service ReDoS via the trim function...
Design/Logic Flaw
Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service ReDoS via the trim function...
UBUNTU-CVE-2022-25927
Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service ReDoS via the trim function...
CVE-2022-25927
Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service ReDoS via the trim function...
CVE-2022-25927
Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service ReDoS via the trim function...
CVE-2022-25927
Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service ReDoS via the trim function...
CVE-2022-25927
CVE-2022-25927 affects ua-parser-js with a Regular Expression Denial of Service (ReDoS) through the trim() function. Affected versions are: ua-parser-js 0.7.30 and earlier than 0.7.33, and ua-parser-js 0.8.1 and earlier than 1.0.33. The vulnerability arises from the trim() path and could lead to ...
Regular Expression Denial Of Service (ReDoS)
ua-parser-js is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability exists due to an insecure Regex pattern used for the str attribute in the trim function of ua-parser.js, which allows an attacker to crash the application by providing a maliciously crafted string...
ReDoS Vulnerability in ua-parser-js version
Description: A regular expression denial of service ReDoS vulnerability has been discovered in ua-parser-js. Impact: This vulnerability bypass the library's MAXLENGTH input limit prevention. By crafting a very-very-long user-agent string with specific pattern, an attacker can turn the script to g...
@alfresco/adf-testing (=6.0.0-A.2-8258), @core-ui-kit/button (=1.1.8) +49 more potentially affected by CVE-2022-25927 via ua-parser-js (>=0.7.30 <=0.7.32)
ua-parser-js NPM version =0.7.30, =0.1.0, =0.1.5, =0.3.367, =3.34.0, =1.106.0, =1.106.0, =7.5.0 and more Source cves: CVE-2022-25927 Source advisory: OSV:GHSA-FHG7-M89Q-25R3...
GHSA-FHG7-M89Q-25R3 ReDoS Vulnerability in ua-parser-js version
Description: A regular expression denial of service ReDoS vulnerability has been discovered in ua-parser-js. Impact: This vulnerability bypass the library's MAXLENGTH input limit prevention. By crafting a very-very-long user-agent string with specific pattern, an attacker can turn the script to g...