Lucene search

Basic search
Lucene search
Search by product

Vendors

Products

Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-3ABBDB911ADD0E0B84EE2B79B6A00304

HistoryNov 19, 2020 - 12:00 a.m.

Uncontrolled Resource Consumption

2020-11-1900:00:00

https://gitlab.com/gitlab-org/security-products/gemnasium-db

gitlab.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.008 Low

EPSS

Percentile

80.9%

JSON

c-ares’ ares_parse_{a,aaaa}_reply() suffers from a Denial Of Service due to insufficient naddrttls validation.

CPENameOperatorVersion
conan/c-areslt1.16.0

CPE	Name	Operator	Version
	conan/c-ares	lt	1.16.0

References

lists.fedoraproject.org/archives/list/[email protected]/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/

nodejs.org/en/blog/vulnerability/november-2020-security-releases/

nvd.nist.gov/vuln/detail/CVE-2020-8277

photon 10

nessus 38

altlinux 3

ibm 21

suse 4

fedora 4

veracode 1

osv 6

openvas 15

gentoo 2

ubuntu 1

redhatcve 1

githubexploit 2

cve 1

archlinux 1

nodejsblog 1

hackerone 1

freebsd 2

alpinelinux 1

debiancve 1

cbl_mariner 2

f5 1

prion 1

ubuntucve 1

rosalinux 1

almalinux 2

oraclelinux 2

redhat 4

rocky 2

oracle 5

photon

Important Photon OS Security Update - PHSA-2021-0209

2021-03-23 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0378

2021-04-07 00:00:00

Important Photon OS Security Update - PHSA-2021-0378

2021-04-07 00:00:00

nessus

EulerOS 2.0 SP9 : c-ares (EulerOS-SA-2021-1920)

2021-06-03 00:00:00

Fedora 32 : mingw-c-ares (2021-afed2b904e)

2021-02-25 00:00:00

openSUSE Security Update : c-ares (openSUSE-2020-2045)

2020-11-30 00:00:00

altlinux

Security fix for the ALT Linux 9 package node version 14.15.1-alt1

2020-11-26 00:00:00

Security fix for the ALT Linux 10 package node version 14.15.1-alt1

2020-11-16 00:00:00

Security fix for the ALT Linux 9 package c-ares version 1.16.1-alt2

2020-11-19 00:00:00

ibm

Security Bulletin: IBM API Connect is vulnerable to denial of service (DoS) via Node.js (CVE-2020-8277)

2021-03-06 17:41:55

Security Bulletin: Version 12.18.4 of Node.js included in IBM Netcool Operations Insight 1.6.2.x has a security vulnerability

2020-12-15 18:47:16

Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to a denial of service attack through a DNS lookup that returns a large number of responses (CVE-2020-8277)

2021-04-29 11:10:23

suse

Security update for c-ares (moderate)

2020-11-28 00:00:00

Security update for c-ares (moderate)

2020-11-26 00:00:00

Security update for nodejs14 (moderate)

2021-01-15 00:00:00

fedora

[SECURITY] Fedora 32 Update: mingw-c-ares-1.17.1-1.fc32

2021-02-24 20:46:53

[SECURITY] Fedora 33 Update: c-ares-1.17.0-1.fc33

2020-11-28 02:04:28

[SECURITY] Fedora 33 Update: mingw-c-ares-1.17.1-1.fc33

2021-02-24 20:42:29

veracode

Denial Of Service (DoS)

2020-12-02 09:51:12

osv

BIT-node-2020-8277

2024-03-06 11:07:32

CVE-2020-8277

2020-11-19 01:15:12

Moderate: nodejs:12 security and bug fix update

2020-12-15 16:03:21

openvas

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2021-1756)

2021-04-13 00:00:00

Fedora: Security Advisory for c-ares (FEDORA-2020-307e873389)

2020-12-04 00:00:00

Fedora: Security Advisory for mingw-c-ares (FEDORA-2021-ee913722db)

2021-02-25 00:00:00

gentoo

c-ares: Denial of service

2020-12-23 00:00:00

NodeJS: Multiple vulnerabilities

2021-01-11 00:00:00

ubuntu

c-ares vulnerability

2020-11-19 00:00:00

redhatcve

CVE-2020-8277

2020-11-17 14:43:07

githubexploit

Exploit for Uncontrolled Resource Consumption in Nodejs Node.Js

2020-11-18 10:57:13

Exploit for Uncontrolled Resource Consumption in Nodejs Node.Js

2021-07-10 20:42:11

cve

CVE-2020-8277

2020-11-19 01:15:00

archlinux

[ASA-202011-18] c-ares: denial of service

2020-11-19 00:00:00

nodejsblog

November 2020 Security Releases

2020-11-16 00:00:00

hackerone

Node.js: DNS Max Responses for DOS

2020-11-12 18:32:25

freebsd

Node.js -- November 2020 Security Releases

2020-11-16 00:00:00

MySQL -- Multiple vulnerabilities

2021-04-20 00:00:00

alpinelinux

CVE-2020-8277

2020-11-19 01:15:00

debiancve

CVE-2020-8277

2020-11-19 01:15:00

cbl_mariner

CVE-2020-8277 affecting package python-gevent for versions less than 21.1.2-3

2024-04-25 21:07:32

CVE-2020-8277 affecting package c-ares 1.14.0-3

2021-04-06 23:50:04

K07944249 : Node.js vulnerability CVE-2020-8277

2021-02-24 00:00:00

prion

Cross site request forgery (csrf)

2020-11-19 01:15:00

ubuntucve

CVE-2020-8277

2020-11-17 00:00:00

rosalinux

Advisory ROSA-SA-2021-1811

2021-07-02 16:34:46

almalinux

Moderate: nodejs:12 security and bug fix update

2020-12-15 16:03:21

Moderate: nodejs:14 security and bug fix update

2021-02-16 07:34:42

oraclelinux

nodejs:12 security and bug fix update

2020-12-17 00:00:00

nodejs:14 security and bug fix update

2021-02-20 00:00:00

redhat

(RHSA-2020:5499) Moderate: nodejs:12 security and bug fix update

2020-12-15 16:03:21

(RHSA-2020:5305) Moderate: rh-nodejs12-nodejs security update

2020-12-01 14:18:32

(RHSA-2021:0551) Moderate: nodejs:14 security and bug fix update

2021-02-16 07:34:42

rocky

nodejs:12 security and bug fix update

2020-12-15 16:03:21

nodejs:14 security and bug fix update

2021-02-16 07:34:42

oracle

Oracle Critical Patch Update Advisory - January 2021

2021-01-19 00:00:00

Oracle Critical Patch Update Advisory - July 2021

2021-07-20 00:00:00

Oracle Critical Patch Update Advisory - April 2021

2021-04-20 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.008 Low

EPSS

Percentile

80.9%

JSON

Related for GITLAB-3ABBDB911ADD0E0B84EE2B79B6A00304