Lucene search
K

34 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2020-8201

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by a...

7.4CVSS6.7AI score0.05093EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.3 views

SUSE CVE-2020-8201

Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture ...

5.6CVSS6.9AI score0.05093EPSS
Exploits0References6
ICS
ICS
added 2022/08/30 12:0 a.m.53 views

Hitachi Energy Gateway Station (GWS) Product

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Gateway Station GWS Product Vulnerability: Inconsistent Interpretation of HTTP Requests, Use After Free, Classic Buffer Overflow, Integer Underflow, Improper Certificate...

4.3CVSS7.9AI score0.04803EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/07 6:16 p.m.38 views

Security Bulletin: Node.js as used by IBM Security QRadar Packet Capture contains multiple vulnerabilities (CVE-2020-8201, CVE-2020-8252, CVE-2020-8251, CVE-2020-8277)

Summary Node.js as used by IBM Security QRadar Packet Capture contains multiple vulnerabilities. Vulnerability Details CVEID: CVE-2020-8201 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attack...

7.8CVSS0.9AI score0.54164EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.30 views

SUSE: Security Advisory (SUSE-SU-2020:2813-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.4AI score0.05093EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.27 views

SUSE: Security Advisory (SUSE-SU-2020:2812-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.4AI score0.05093EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/08 12:42 a.m.55 views

Security Bulletin: IBM Cloud Pak for Applications 4.3 nodejs and nodejs-express Appsody stacks is vulnerable to information disclosure, buffer overflow and prototype pollution exposures

Summary IBM Cloud Pak for Applications 4.3 nodejs and nodejs-express Appsody stacks is vulnerable to information disclosure, buffer overflow and prototype pollution exposures CVE-2020-15095, CVE-2020-8116, CVE-2020-8201 and CVE-2020-8252. Vulnerability Details CVEID: CVE-2020-15095 DESCRIPTION:...

7.8CVSS1.6AI score0.05093EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/26 3:33 p.m.39 views

Security Bulletin: IBM Cloud Private is vulnerable to Node.js vulnerabilities (CVE-2020-8201, CVE-2020-8252, CVE-2020-8251)

Summary IBM Cloud Private is vulnerable to Node.js vulnerabilities Vulnerability Details CVEID: CVE-2020-8201 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attacker could exploit this...

7.8CVSS0.8AI score0.08794EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/02/01 12:0 a.m.38 views

CentOS 8 : nodejs:12 (CESA-2020:4272)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4272 advisory. - npm: sensitive information exposure through logs CVE-2020-15095 - nodejs-dot-prop: prototype pollution CVE-2020-8116 - nodejs: HTTP request smuggling...

7.8CVSS7.4AI score0.05093EPSS
Exploits1References5
Amazon
Amazon
added 2021/01/07 12:0 a.m.130 views

Important: libuv

Issue Overview: Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on t...

7.5CVSS6.4AI score0.08794EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/01/07 12:0 a.m.59 views

Amazon Linux 2 : libuv (ALAS-2021-1581)

The version of libuv installed on the remote host is prior to 1.39.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1581 advisory. Node.js 12.18.4 and 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting...

7.5CVSS6.8AI score0.08794EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/04 2:37 p.m.33 views

Security Bulletin: Vulnerability in Node.js affects IBM Netcool Agile Service Manager

Summary A vulnerability in Node.js used by IBM Netcool Agile Service Manager has been identified. Netcool Agile Service Manager has addressed the CVE. Vulnerability Details CVEID: CVE-2020-8201 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By...

7.8CVSS1.4AI score0.08794EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/18 3:33 p.m.46 views

Security Bulletin: Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation

Summary The vulnerabilities are related to the WebSphere Liberty server, to Node.js runtime and modules and to other open source packages. Vulnerability Details CVEID: CVE-2019-7619 DESCRIPTION: Elastic Elasticsearch could allow a remote attacker to obtain sensitive information, caused by a flaw ...

8.8CVSS0.8AI score0.08794EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/15 5:52 p.m.30 views

Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Managed Service and Infrastructure Management

Summary A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Managed Service and Infrastructure Management Vulnerability Details CVEID: CVE-2020-8201 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending speciall...

7.8CVSS0.8AI score0.05093EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/15 1:19 p.m.24 views

Security Bulletin: App Connect Enterprise Certified Container may be vulnerable to buffer overflows, Denial of Service or HTTP request smuggling

Summary App Connect Enterprise Certified Container when running Desginer flows may be vulnerable to Denial of Service via to CVE-2020-8237, HTTP request smuggling via CVE-2020-8201 or buffer overflows via CVE-2020-8252. Vulnerability Details CVEID: CVE-2020-8237 DESCRIPTION: Node.js json-bigint...

7.8CVSS1.2AI score0.05093EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/14 3:16 p.m.43 views

Security Bulletin: IBM Cloud Transformation Advisor is affected by multiple Node.js vulnerabilities.

Summary IBM Cloud Transformation Advisor has addressed the following vulnerabilities: CVE-2020-8251, CVE-2020-8201, CVE-2020-8252 Vulnerability Details CVEID: CVE-2020-8251 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by delayed unfinished HTTP/1.1 requests submission. An...

7.8CVSS0.8AI score0.08794EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/12/14 12:0 a.m.42 views

Fedora 33 : 1:nodejs (2020-43d5a372fc)

Update to 14.15.1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Security, Inc...

8.8CVSS6.9AI score0.08794EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.36 views

SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2020:2812-1)

This update for nodejs12 fixes the following issues : nodejs12 was updated to 12.18.4 LTS : - CVE-2020-8201: Fixed an HTTP Request Smuggling due to CR-to-Hyphen conversion bsc1176605. - CVE-2020-8252: Fixed a buffer overflow in realpath bsc1176589. - CVE-2020-15095: Fixed an information leak...

7.8CVSS7.2AI score0.05093EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2020/11/12 9:44 a.m.95 views

Moderate: Red Hat Security Advisory: rh-nodejs12-nodejs security update

An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.8CVSS6.8AI score0.05093EPSS
Exploits1References5
IBM Security Bulletins
IBM Security Bulletins
added 2020/11/05 9:9 a.m.39 views

Security Bulletin: Vulnerabilities in Node.js affect IBM Spectrum Control (CVE-2020-8201, CVE-2020-8252)

Summary Node.js is vulnerable to HTTP request smuggling and to a buffer overflow which can affect IBM Spectrum Control. Vulnerability Details CVEID: CVE-2020-8201 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP...

7.8CVSS1.6AI score0.05093EPSS
Exploits0Affected Software1
Rows per page
Query Builder