55 matches found

OSV
added yesterday, 2 views

ROOT-APP-NPM-CVE-2022-38900 CVE-2022-38900 in @rootio/decode-uri-component - Patched by Root

Root has patched CVE-2022-38900 in the @rootio/decode-uri-component package for Root:npm. Multiple fixed versions available...

7.5 CVSS, 8 AI score, 0.00429 EPSS
Exploits 1
Tenable Nessus
added 2026/01/20 12:0 a.m., 1 view

MiracleLinux 9 : pcs-0.11.6-3.el9.ML.1 (AXSA:2023-6977:13)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6977:13 advisory. decode-uri-component: improper input validation resulting in DoS CVE-2022-38900 Tenable has extracted the preceding description block directly from the...

7.5 CVSS, 7 AI score, 0.00429 EPSS
Exploits 1, References 2
Tenable Nessus
added 2026/01/06 12:0 a.m., 2 views

Atlassian Confluence < 8.5.18 / 8.6.x < 9.2.1 / 9.3.x < 9.3.1 / 9.4.x < 9.5.4 / 10.0.x < 10.0.2 / 10.1.0 (CONFSERVER-101486)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101486 advisory. - decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS. CVE-2022-38900 Note that Nessus has not tested for this...

7.5 CVSS, 6.8 AI score, 0.00429 EPSS
Exploits 1, References 2
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-7447

Malicious code in bioql PyPI...

7.5 CVSS, 7 AI score, 0.00429 EPSS
Exploits 1, References 17
Tenable Nessus
added 2025/03/05 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2022-38900

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS. CVE-2022-38900 Note that Nessus relies on the presence of the package as...

7.5 CVSS, 6.7 AI score, 0.00429 EPSS
Exploits 1, References 2
RedhatCVE
added 2025/02/05 5:36 a.m., 4 views

CVE-2024-1594

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifactlocation parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...

7.5 CVSS, 7.3 AI score, 0.85715 EPSS
Exploits 2, References 1
Tenable Nessus
added 2025/01/21 12:0 a.m., 14 views

EulerOS 2.0 SP8 : wget (EulerOS-SA-2025-1130)

According to the versions of the wget package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data...

9.1 CVSS, 7.1 AI score, 0.00197 EPSS
Exploits 0, References 2
IBM Security Bulletins
added 2024/10/21 3:52 p.m., 41 views

Security Bulletin: IBM Cognos Analytics Mobile (Android) is affected by multiple vulnerabilities

Summary There are vulnerabilities in Open Source Software OSS libraries consumed by IBM Cognos Analytics Mobile. These issues have been addressed by upgrading or removing the vulnerable libraries. Additionally, vulnerabilities related to CORS misconfiguration and Certificate Pinning have been...

8.1 CVSS, 10 AI score, 0.07595 EPSS
Exploits 7, Affected Software 2
Atlassian
added 2024/09/20 8:48 a.m., 24 views

DoS (Denial of Service) decode-uri-component Dependency in Confluence Data Center

This High severity decode-uri-component Dependency vulnerability was introduced in version 7.0.1 of Confluence Data Center. This decode-uri-component Dependency vulnerability, with a CVSS Score of 7.5, allows an unauthenticated attacker to expose assets in your environment susceptible to...

7.5 CVSS, 7.1 AI score, 0.00429 EPSS
Exploits 1
Redos
added 2024/08/26 12:0 a.m., 14 views

ROS-20240826-09

The vulnerability in the Time library of the Ruby interpreter is related to the use of regular expression c inefficient computational complexity. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service Vulnerability in the URI component of the Ruby...

5.3 CVSS, 7.1 AI score, 0.00651 EPSS
Exploits 0
Redos
added 2024/08/26 12:0 a.m., 21 views

ROS-20240826-12

Vulnerability of Ruby programming language components rfc2396parser.rb and rfc3986parser.rb is related to incorrect implementation of processing invalid URLs. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service Vulnerability in the URI component of th...

5.3 CVSS, 7.2 AI score, 0.00906 EPSS
Exploits 0
IBM Security Bulletins
added 2024/08/01 12:45 p.m., 37 views

Security Bulletin: Vulnerability in nodejs decode-uri-component affect Cloud Pak System [CVE-2022-38900]

Summary Vulnerability in nodejs decode-uri-component affect Cloud Pak System [CVE-2022-38900]. Cloud Pak System has addressed this vulnerability. Vulnerability Details CVEID: CVE-2022-38900 DESCRIPTION: decode-uri-component is vulnerable to a denial of service, caused by improper input validation by...

7.5 CVSS, 6.7 AI score, 0.00429 EPSS
Exploits 1, Affected Software 1
Tenable Nessus
added 2024/05/11 12:0 a.m., 20 views

RHEL 6 : decode-uri-component (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - decode-uri-component: improper input validation resulting in DoS CVE-2022-38900 Note that Nessus has not tested for...

6.7 AI score, 0.00429 EPSS
Exploits 1, References 1
Tenable Nessus
added 2024/04/05 12:0 a.m., 29 views

Rocky Linux 9 : ruby:3.1 (RLSA-2024:1576)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1576 advisory. - The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that...

8.8 CVSS, 8.1 AI score, 0.01013 EPSS
Exploits 1, References 9
Tenable Nessus
added 2024/04/03 12:0 a.m., 47 views

AlmaLinux 9 : ruby:3.1 (ALSA-2024:1576)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1576 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS vulnerability - upstream's...

8.8 CVSS, 7.8 AI score, 0.01013 EPSS
Exploits 1, References 5
Tenable Nessus
added 2024/04/01 12:0 a.m., 36 views

RHEL 9 : ruby:3.1 (RHSA-2024:1576)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1576 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

8.8 CVSS, 7.9 AI score, 0.01013 EPSS
Exploits 1, References 11
Tenable Nessus
added 2024/03/21 12:0 a.m., 38 views

AlmaLinux 8 : ruby:3.1 (ALSA-2024:1431)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1431 advisory. ruby/cgi-gem: HTTP response splitting in CGI CVE-2021-33621 ruby: ReDoS vulnerability in URI CVE-2023-28755 ruby: ReDoS vulnerability - upstream's...

8.8 CVSS, 7.8 AI score, 0.01013 EPSS
Exploits 1, References 5
OpenVAS
added 2024/02/09 12:0 a.m., 12 views

Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2024-1195)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2 CVSS, 8.3 AI score, 0.00027 EPSS
Exploits 0, References 2
Tenable Nessus
added 2024/01/24 12:0 a.m., 27 views

GLSA-202401-27 : Ruby: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202401-27 Ruby: Multiple vulnerabilities - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header...

9.8 CVSS, 8.1 AI score, 0.01013 EPSS
Exploits 6, References 18
Amazon
added 2024/01/22 12:0 a.m., 3 views

Medium: haproxy

Issue Overview: HAProxy before 2.8.2 accepts as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a pathend rule, such as routing index.html.png to a static server. CVE-2023-45539 Affected...

8.2 CVSS, 7 AI score, 0.00027 EPSS
Exploits 0