Action not permitted
Modal body text goes here.
CVE-2018-7160
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | The Node.js Project | Node.js |
Version: ^6.0.0 || ^8.0.0 || ^9.0.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:24:10.499Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp%3Butm_medium=RSS" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Node.js", "vendor": "The Node.js Project", "versions": [ { "status": "affected", "version": "^6.0.0 || ^8.0.0 || ^9.0.0" } ] } ], "datePublic": "2018-03-21T00:00:00", "descriptions": [ { "lang": "en", "value": "The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-350", "description": "CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-20T22:53:16", "orgId": "386269d4-a6c6-4eaa-bf8e-bc0b0d010558", "shortName": "nodejs" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp%3Butm_medium=RSS" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve-request@iojs.org", "DATE_PUBLIC": "2018-03-21T00:00:00", "ID": "CVE-2018-7160", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Node.js", "version": { "version_data": [ { "version_value": "^6.0.0 || ^8.0.0 || ^9.0.0" } ] } } ] }, "vendor_name": "The Node.js Project" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/", "refsource": "CONFIRM", "url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/" }, { "name": "https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp;utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp;utm_medium=RSS" } ] } } } }, "cveMetadata": { "assignerOrgId": "386269d4-a6c6-4eaa-bf8e-bc0b0d010558", "assignerShortName": "nodejs", "cveId": "CVE-2018-7160", "datePublished": "2018-05-17T14:00:00Z", "dateReserved": "2018-02-15T00:00:00", "dateUpdated": "2024-09-17T01:35:37.449Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2018-7160\",\"sourceIdentifier\":\"cve-request@iojs.org\",\"published\":\"2018-05-17T14:29:00.827\",\"lastModified\":\"2024-11-21T04:11:42.010\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.\"},{\"lang\":\"es\",\"value\":\"El inspector de Node.js, en versiones 6.x y siguientes, es vulnerable a un ataque de reenlace DNS que podr\u00eda explotarse para ejecutar c\u00f3digo de forma remota. El ataque es posible desde sitios web maliciosos abiertos en un navegador web en el mismo ordenador o desde otro ordenador con acceso de red al ordenador que ejecuta el proceso Node.js. Un sitio web malicioso podr\u00eda emplear un ataque de reenlace DNS para enga\u00f1ar al navegador web para que omita las comprobaciones de pol\u00edtica del mismo origen y para permitir conexiones HTTP al host local o a hosts en la red local. Si un proceso Node.js con el puerto de depuraci\u00f3n activo se est\u00e1 ejecutando en el host local o en un host en la red local, el sitio web malicioso podr\u00eda conectarse a \u00e9l como depurador y obtener acceso total de ejecuci\u00f3n de c\u00f3digo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"cve-request@iojs.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-350\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-290\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.8.1\",\"matchCriteriaId\":\"D107EC29-67E7-40C3-8E5A-324C9105C5E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"6.9.0\",\"versionEndExcluding\":\"6.14.0\",\"matchCriteriaId\":\"B6855CC9-21A0-4C1B-8C27-A15FA0D7244F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.8.1\",\"matchCriteriaId\":\"74FB695D-2C76-47AB-988E-5629D2E695E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"8.9.0\",\"versionEndExcluding\":\"8.11.0\",\"matchCriteriaId\":\"A6E7AD1F-26AA-4CBA-9162-7DFC0B09E620\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.10.0\",\"matchCriteriaId\":\"8FC117F5-0B41-49F5-83DF-B830DEE95404\"}]}]}],\"references\":[{\"url\":\"https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/\",\"source\":\"cve-request@iojs.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"cve-request@iojs.org\"},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"cve-request@iojs.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
rhsa-2018_2949
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for rh-nodejs8-nodejs is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.\n\nThe following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs (8.11.4). (BZ#1621761)\n\nSecurity Fix(es):\n\n* nodejs: Out of bounds (OOB) write via UCS-2 encoding (CVE-2018-12115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:2949", "url": "https://access.redhat.com/errata/RHSA-2018:2949" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1620219", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620219" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2949.json" } ], "title": "Red Hat Security Advisory: rh-nodejs8-nodejs security update", "tracking": { "current_release_date": "2024-11-15T03:06:26+00:00", "generator": { "date": "2024-11-15T03:06:26+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2018:2949", "initial_release_date": "2018-10-18T10:11:49+00:00", "revision_history": [ { "date": "2018-10-18T10:11:49+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-10-18T10:11:49+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T03:06:26+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } } ], "category": "product_family", "name": "Red Hat Software Collections" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "product": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "product_id": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-devel@8.11.4-1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "product": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "product_id": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-npm@5.6.0-8.11.4.1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "product": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "product_id": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs@8.11.4-1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "product": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "product_id": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-debuginfo@8.11.4-1.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "product": { "name": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "product_id": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-docs@8.11.4-1.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "product": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "product_id": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs@8.11.4-1.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "product": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "product_id": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-devel@8.11.4-1.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "product": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "product_id": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-npm@5.6.0-8.11.4.1.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "product": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "product_id": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs@8.11.4-1.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "product": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "product_id": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-debuginfo@8.11.4-1.el7?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "product": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "product_id": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-devel@8.11.4-1.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "product": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "product_id": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-npm@5.6.0-8.11.4.1.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "product": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "product_id": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs@8.11.4-1.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "product": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "product_id": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-debuginfo@8.11.4-1.el7?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "product": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "product_id": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-devel@8.11.4-1.el7?arch=aarch64" } } }, { "category": "product_version", "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "product": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "product_id": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-npm@5.6.0-8.11.4.1.el7?arch=aarch64" } } }, { "category": "product_version", "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "product": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "product_id": "rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs@8.11.4-1.el7?arch=aarch64" } } }, { "category": "product_version", "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "product": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "product_id": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-debuginfo@8.11.4-1.el7?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch" }, "product_reference": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch" }, "product_reference": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch" }, "product_reference": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch" }, "product_reference": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch" }, "product_reference": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-7159", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2018-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1561981" } ], "notes": [ { "category": "description", "text": "It was found that the http module from Node.js could accept incorrect Content-Length values, containing spaces within the value, in HTTP headers. A specially crafted client could use this flaw to possibly confuse the script, causing unspecified behavior.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: HTTP parser allowed for spaces inside Content-Length header values", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-7159" }, { "category": "external", "summary": "RHBZ#1561981", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561981" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-7159", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7159" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7159", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7159" } ], "release_date": "2018-03-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-10-18T10:11:49+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2949" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs: HTTP parser allowed for spaces inside Content-Length header values" }, { "cve": "CVE-2018-7160", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2018-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1561979" } ], "notes": [ { "category": "description", "text": "It was found that when a Node.js script is run in inspector mode, Node.js did not properly validate the Host header, leaving the inspector vulnerable to a DNS rebind attack and bypass same-origin policy. If a developer had an inspector session running, and was visiting a malicious website, the site could carry on a DNS rebind attack, allowing the site to have full access to the debugged script.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Inspector DNS rebinding vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-7160" }, { "category": "external", "summary": "RHBZ#1561979", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561979" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-7160", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7160" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7160", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7160" } ], "release_date": "2018-03-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-10-18T10:11:49+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2949" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.0" }, "products": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Inspector DNS rebinding vulnerability" }, { "cve": "CVE-2018-7161", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2018-06-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1591013" } ], "notes": [ { "category": "description", "text": "All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: denial of service (DoS) by causing a node server providing an http2 server to crash", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-7161" }, { "category": "external", "summary": "RHBZ#1591013", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591013" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-7161", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7161" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7161", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7161" } ], "release_date": "2018-06-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-10-18T10:11:49+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2949" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: denial of service (DoS) by causing a node server providing an http2 server to crash" }, { "cve": "CVE-2018-7167", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2018-06-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1591006" } ], "notes": [ { "category": "description", "text": "It was found that the Buffer.fill() and Buffer.alloc() function may hang. An attacker able to control the input of these function could use this flaw to cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Denial of Service by calling Buffer.fill() or Buffer.alloc() with specially crafted parameters", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-7167" }, { "category": "external", "summary": "RHBZ#1591006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591006" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-7167", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7167" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7167", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7167" } ], "release_date": "2018-06-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-10-18T10:11:49+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2949" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Denial of Service by calling Buffer.fill() or Buffer.alloc() with specially crafted parameters" }, { "cve": "CVE-2018-12115", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2018-08-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1620219" } ], "notes": [ { "category": "description", "text": "In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `\u0027ucs2\u0027`, `\u0027ucs-2\u0027`, `\u0027utf16le\u0027` and `\u0027utf-16le\u0027`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Out of bounds (OOB) write via UCS-2 encoding", "title": "Vulnerability summary" }, { "category": "other", "text": "Openshift Container Platform 3.x versions are potentially vulnerable via the jenkins-slave-nodejs and jenkins-agent-nodejs containers. However a build would have to occur with a malicious jenkins pipeline, or nodejs source code supplied by an attacker, reducing the impact of this flaw to moderate. Both container images used nodejs delivered from Red Hat Software Collections.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-12115" }, { "category": "external", "summary": "RHBZ#1620219", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620219" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-12115", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12115" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12115", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12115" } ], "release_date": "2018-08-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-10-18T10:11:49+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2949" }, { "category": "workaround", "details": "On Openshift Container Platform 3.x you can override the container image used on the Jenkins Slave by specifying the JENKINS_SLAVE_IMAGE environment variable in your jenkins deployment configuration. Ref:\n\nhttps://github.com/openshift/jenkins/blob/8e1ab16fb5f44d6570018c5dfa3407692fdba6e5/2/contrib/jenkins/kube-slave-common.sh#L27-L33", "product_ids": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs: Out of bounds (OOB) write via UCS-2 encoding" } ] }
gsd-2018-7160
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2018-7160", "description": "The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.", "id": "GSD-2018-7160", "references": [ "https://www.suse.com/security/cve/CVE-2018-7160.html", "https://access.redhat.com/errata/RHSA-2018:2949", "https://advisories.mageia.org/CVE-2018-7160.html", "https://ubuntu.com/security/CVE-2018-7160" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2018-7160" ], "details": "The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.", "id": "GSD-2018-7160", "modified": "2023-12-13T01:22:32.850680Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve-request@iojs.org", "DATE_PUBLIC": "2018-03-21T00:00:00", "ID": "CVE-2018-7160", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Node.js", "version": { "version_data": [ { "version_value": "^6.0.0 || ^8.0.0 || ^9.0.0" } ] } } ] }, "vendor_name": "The Node.js Project" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/", "refsource": "CONFIRM", "url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/" }, { "name": "https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp;utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp;utm_medium=RSS" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "\u003e=6.0", "affected_versions": "All versions starting from 6.0", "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cwe_ids": [ "CWE-1035", "CWE-290", "CWE-78", "CWE-937" ], "date": "2023-07-20", "description": "The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.", "fixed_versions": [], "identifier": "CVE-2018-7160", "identifiers": [ "GHSA-wq4c-wm6x-jw44", "CVE-2018-7160" ], "not_impacted": "All versions before 6.0", "package_slug": "npm/node-inspector", "pubdate": "2022-05-13", "solution": "Unfortunately, there is no solution available yet.", "title": "Authentication Bypass by Spoofing", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2018-7160", "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/", "https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp;utm_medium=RSS", "https://www.oracle.com//security-alerts/cpujul2021.html", "https://github.com/advisories/GHSA-wq4c-wm6x-jw44" ], "uuid": "e977e281-dfe0-4468-bcf1-fc4a9ef295eb" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "6.14.0", "versionStartIncluding": "6.9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "8.11.0", "versionStartIncluding": "8.9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndIncluding": "6.8.1", "versionStartIncluding": "6.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndIncluding": "8.8.1", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "9.10.0", "versionStartIncluding": "9.0.0", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve-request@iojs.org", "ID": "CVE-2018-7160" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-290" } ] } ] }, "references": { "reference_data": [ { "name": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/" }, { "name": "https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp;utm_medium=RSS", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp;utm_medium=RSS" }, { "name": "N/A", "refsource": "N/A", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9 } }, "lastModifiedDate": "2022-08-16T13:01Z", "publishedDate": "2018-05-17T14:29Z" } } }
wid-sec-w-2023-0561
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "FreeFlow-Druckserver ist eine Druckserveranwendung f\u00fcr Xerox-Produktionsdrucker, die Flexibilit\u00e4t, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-0561 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0561.json" }, { "category": "self", "summary": "WID-SEC-2023-0561 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0561" }, { "category": "external", "summary": "XEROX Security Advisory XRX23-007 vom 2023-05-18", "url": "https://security.business.xerox.com/wp-content/uploads/2023/05/Xerox-Security-Bulletin-XRX23-007-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v7.pdf" }, { "category": "external", "summary": "XEROX Security Advisory XRX23-005 vom 2023-04-04", "url": "https://security.business.xerox.com/wp-content/uploads/2023/04/Xerox-Security-Bulletin-XRX23-005-Xerox%25C2%25AE-FreeFlow%25C2%25AE-Print-Server-v9.pdf" }, { "category": "external", "summary": "XEROX Security Advisory XRX23-002 vom 2023-03-23", "url": "https://security.business.xerox.com/wp-content/uploads/2023/03/Xerox-Security-Bulletin-XRX23-002-FreeFlow-Print-Server-v2_Windows10.pdf" }, { "category": "external", "summary": "Xerox Mini Bulletin XRX21A vom 2023-03-02", "url": "https://security.business.xerox.com/wp-content/uploads/2023/03/Xerox-Security-Bulletin-XRX23-001-FreeFlow%C2%AE-Print-Server-v7.pdf" } ], "source_lang": "en-US", "title": "Xerox FreeFlow Print Server: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-05-18T22:00:00.000+00:00", "generator": { "date": "2024-08-15T17:46:07.359+00:00", "engine": { "name": "BSI-WID", "version": "1.3.5" } }, "id": "WID-SEC-W-2023-0561", "initial_release_date": "2023-03-02T23:00:00.000+00:00", "revision_history": [ { "date": "2023-03-02T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-03-22T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von XEROX aufgenommen" }, { "date": "2023-04-03T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von XEROX aufgenommen" }, { "date": "2023-05-18T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von XEROX aufgenommen" } ], "status": "final", "version": "4" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Xerox FreeFlow Print Server 7", "product": { "name": "Xerox FreeFlow Print Server 7", "product_id": "T000872", "product_identification_helper": { "cpe": "cpe:/a:xerox:freeflow_print_server:7" } } }, { "category": "product_name", "name": "Xerox FreeFlow Print Server 9", "product": { "name": "Xerox FreeFlow Print Server 9", "product_id": "T002977", "product_identification_helper": { "cpe": "cpe:/a:xerox:freeflow_print_server:9" } } }, { "category": "product_name", "name": "Xerox FreeFlow Print Server v2", "product": { "name": "Xerox FreeFlow Print Server v2", "product_id": "T014888", "product_identification_helper": { "cpe": "cpe:/a:xerox:freeflow_print_server:v2" } } } ], "category": "product_name", "name": "FreeFlow Print Server" } ], "category": "vendor", "name": "Xerox" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-21900", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2023-21900" }, { "cve": "CVE-2023-21843", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2023-21843" }, { "cve": "CVE-2023-21835", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2023-21835" }, { "cve": "CVE-2023-21830", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2023-21830" }, { "cve": "CVE-2022-46882", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-46882" }, { "cve": "CVE-2022-46881", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-46881" }, { "cve": "CVE-2022-46880", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-46880" }, { "cve": "CVE-2022-46878", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-46878" }, { "cve": "CVE-2022-46875", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-46875" }, { "cve": "CVE-2022-46874", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-46874" }, { "cve": "CVE-2022-46872", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-46872" }, { "cve": "CVE-2022-45421", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-45421" }, { "cve": "CVE-2022-45420", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-45420" }, { "cve": "CVE-2022-45419", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-45419" }, { "cve": "CVE-2022-45418", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-45418" }, { "cve": "CVE-2022-45417", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-45417" }, { "cve": "CVE-2022-45416", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-45416" }, { "cve": "CVE-2022-45415", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-45415" }, { "cve": "CVE-2022-45414", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-45414" }, { "cve": "CVE-2022-45413", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-45413" }, { "cve": "CVE-2022-45412", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-45412" }, { "cve": "CVE-2022-45411", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-45411" }, { "cve": "CVE-2022-45410", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-45410" }, { "cve": "CVE-2022-45409", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-45409" }, { "cve": "CVE-2022-45408", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-45408" }, { "cve": "CVE-2022-45407", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-45407" }, { "cve": "CVE-2022-45406", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-45406" }, { "cve": "CVE-2022-45405", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-45405" }, { "cve": "CVE-2022-45404", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-45404" }, { "cve": "CVE-2022-45403", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-45403" }, { "cve": "CVE-2022-45063", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-45063" }, { "cve": "CVE-2022-45061", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-45061" }, { "cve": "CVE-2022-44638", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-44638" }, { "cve": "CVE-2022-43680", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-43680" }, { "cve": "CVE-2022-43548", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-43548" }, { "cve": "CVE-2022-42932", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-42932" }, { "cve": "CVE-2022-42929", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-42929" }, { "cve": "CVE-2022-42928", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-42928" }, { "cve": "CVE-2022-42927", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-42927" }, { "cve": "CVE-2022-42252", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-42252" }, { "cve": "CVE-2022-41556", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-41556" }, { "cve": "CVE-2022-41323", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-41323" }, { "cve": "CVE-2022-40962", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-40962" }, { "cve": "CVE-2022-40960", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-40960" }, { "cve": "CVE-2022-40959", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-40959" }, { "cve": "CVE-2022-40958", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-40958" }, { "cve": "CVE-2022-40957", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-40957" }, { "cve": "CVE-2022-40956", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-40956" }, { "cve": "CVE-2022-40674", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-40674" }, { "cve": "CVE-2022-3970", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-3970" }, { "cve": "CVE-2022-39260", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-39260" }, { "cve": "CVE-2022-39253", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-39253" }, { "cve": "CVE-2022-3786", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-3786" }, { "cve": "CVE-2022-37797", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-37797" }, { "cve": "CVE-2022-37454", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-37454" }, { "cve": "CVE-2022-37436", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-37436" }, { "cve": "CVE-2022-36760", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-36760" }, { "cve": "CVE-2022-3627", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-3627" }, { "cve": "CVE-2022-3626", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-3626" }, { "cve": "CVE-2022-36087", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-36087" }, { "cve": "CVE-2022-36059", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-36059" }, { "cve": "CVE-2022-3602", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-3602" }, { "cve": "CVE-2022-3599", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-3599" }, { "cve": "CVE-2022-3598", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-3598" }, { "cve": "CVE-2022-3597", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-3597" }, { "cve": "CVE-2022-3570", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-3570" }, { "cve": "CVE-2022-35256", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-35256" }, { "cve": "CVE-2022-35255", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-35255" }, { "cve": "CVE-2022-34526", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-34526" }, { "cve": "CVE-2022-3276", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-3276" }, { "cve": "CVE-2022-32222", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-32222" }, { "cve": "CVE-2022-32215", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-32215" }, { "cve": "CVE-2022-32213", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-32213" }, { "cve": "CVE-2022-32212", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-32212" }, { "cve": "CVE-2022-3204", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-3204" }, { "cve": "CVE-2022-3190", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-3190" }, { "cve": "CVE-2022-31630", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-31630" }, { "cve": "CVE-2022-31629", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-31629" }, { "cve": "CVE-2022-31628", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-31628" }, { "cve": "CVE-2022-3155", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-3155" }, { "cve": "CVE-2022-3034", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-3034" }, { "cve": "CVE-2022-3033", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-3033" }, { "cve": "CVE-2022-3032", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-3032" }, { "cve": "CVE-2022-29458", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-29458" }, { "cve": "CVE-2022-29187", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-29187" }, { "cve": "CVE-2022-29154", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-29154" }, { "cve": "CVE-2022-2869", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-2869" }, { "cve": "CVE-2022-2868", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-2868" }, { "cve": "CVE-2022-2867", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-2867" }, { "cve": "CVE-2022-27406", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-27406" }, { "cve": "CVE-2022-27405", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-27405" }, { "cve": "CVE-2022-27404", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-27404" }, { "cve": "CVE-2022-26981", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-26981" }, { "cve": "CVE-2022-24765", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-24765" }, { "cve": "CVE-2022-24070", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-24070" }, { "cve": "CVE-2022-23901", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-23901" }, { "cve": "CVE-2022-22844", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-22844" }, { "cve": "CVE-2022-2210", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-2210" }, { "cve": "CVE-2022-2208", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-2208" }, { "cve": "CVE-2022-2207", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-2207" }, { "cve": "CVE-2022-2206", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-2206" }, { "cve": "CVE-2022-2183", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-2183" }, { "cve": "CVE-2022-2175", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-2175" }, { "cve": "CVE-2022-21658", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-21658" }, { "cve": "CVE-2022-21628", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-21628" }, { "cve": "CVE-2022-21626", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-21626" }, { "cve": "CVE-2022-21624", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-21624" }, { "cve": "CVE-2022-21619", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-21619" }, { "cve": "CVE-2022-2125", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-2125" }, { "cve": "CVE-2022-2122", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-2122" }, { "cve": "CVE-2022-2058", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-2058" }, { "cve": "CVE-2022-2057", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-2057" }, { "cve": "CVE-2022-2056", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-2056" }, { "cve": "CVE-2022-1925", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-1925" }, { "cve": "CVE-2022-1924", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-1924" }, { "cve": "CVE-2022-1923", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-1923" }, { "cve": "CVE-2022-1922", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-1922" }, { "cve": "CVE-2022-1921", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-1921" }, { "cve": "CVE-2022-1920", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-1920" }, { "cve": "CVE-2022-1348", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-1348" }, { "cve": "CVE-2022-1056", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-1056" }, { "cve": "CVE-2022-0924", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-0924" }, { "cve": "CVE-2022-0909", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-0909" }, { "cve": "CVE-2022-0908", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-0908" }, { "cve": "CVE-2022-0907", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-0907" }, { "cve": "CVE-2022-0891", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-0891" }, { "cve": "CVE-2022-0865", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-0865" }, { "cve": "CVE-2022-0562", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-0562" }, { "cve": "CVE-2022-0561", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2022-0561" }, { "cve": "CVE-2021-46848", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2021-46848" }, { "cve": "CVE-2021-46823", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2021-46823" }, { "cve": "CVE-2021-42694", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2021-42694" }, { "cve": "CVE-2021-42574", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2021-42574" }, { "cve": "CVE-2021-37750", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2021-37750" }, { "cve": "CVE-2021-28544", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2021-28544" }, { "cve": "CVE-2020-10735", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2020-10735" }, { "cve": "CVE-2019-6111", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2019-6111" }, { "cve": "CVE-2018-7160", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2018-7160" }, { "cve": "CVE-2015-20107", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2015-20107" }, { "cve": "CVE-2006-20001", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T014888", "T000872", "T002977" ] }, "release_date": "2023-03-02T23:00:00.000+00:00", "title": "CVE-2006-20001" } ] }
ghsa-wq4c-wm6x-jw44
Vulnerability from github
Withdrawn Advisory
This advisory has been withdrawn because this vulnerability affects inspector code in https://github.com/nodejs/node, not the legacy debugger at https://github.com/node-inspector/node-inspector. https://github.com/nodejs/node is not in a supported ecosystem.
Original Description
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.
{ "affected": [ { "package": { "ecosystem": "npm", "name": "node-inspector" }, "ranges": [ { "events": [ { "introduced": "6.0" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2018-7160" ], "database_specific": { "cwe_ids": [ "CWE-290" ], "github_reviewed": true, "github_reviewed_at": "2023-07-20T22:39:06Z", "nvd_published_at": "2018-05-17T14:29:00Z", "severity": "HIGH" }, "details": "## Withdrawn Advisory\nThis advisory has been withdrawn because this vulnerability affects inspector code in https://github.com/nodejs/node, not the [legacy debugger](https://nodejs.org/en/docs/inspector#legacy-debugger) at https://github.com/node-inspector/node-inspector. https://github.com/nodejs/node is not in a [supported ecosystem](https://github.com/github/advisory-database/blob/main/README.md#supported-ecosystems).\n\n## Original Description\nThe Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.", "id": "GHSA-wq4c-wm6x-jw44", "modified": "2023-10-09T00:42:54Z", "published": "2022-05-13T01:08:23Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7160" }, { "type": "WEB", "url": "https://github.com/nodejs/node/commit/e3950d1a402b80e4098a40aacddd6a104da0cfa9" }, { "type": "WEB", "url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases" }, { "type": "WEB", "url": "https://support.f5.com/csp/article/K63025104?utm_source=f5support\u0026amp;utm_medium=RSS" }, { "type": "WEB", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ], "summary": "Withdrawn Advisory: Node.js Inspector RCE via DNS Rebinding", "withdrawn": "2023-10-09T00:42:54Z" }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.