55 matches found
CVE-2020-8277 affecting package python-gevent for versions less than 21.1.2-3
CVE-2020-8277 affecting package python-gevent for versions less than 21.1.2-3. A patched version of the package is available...
Rocky Linux 8 : nodejs:14 (RLSA-2021:0551)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:0551 advisory. - An issue was discovered in ajv.validate in Ajv aka Another JSON Schema Validator 6.12.2. A carefully crafted JSON schema could be provided that allows...
Rocky Linux 8 : nodejs:12 (RLSA-2020:5499)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:5499 advisory. - An issue was discovered in ajv.validate in Ajv aka Another JSON Schema Validator 6.12.2. A carefully crafted JSON schema could be provided that allows...
BELL-CVE-2020-8277 CVE-2020-8277 does not affect BellSoft software
Bulletin has no description...
K07944249: Node.js vulnerability CVE-2020-8277
Security Advisory Description A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions 15.2.1, 14.15.1, and 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is...
RHEL 7 : rh-nodejs12-nodejs (RHSA-2020:5305)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5305 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Security Bulletin: Node.js as used by IBM Security QRadar Packet Capture contains multiple vulnerabilities (CVE-2020-8201, CVE-2020-8252, CVE-2020-8251, CVE-2020-8277)
Summary Node.js as used by IBM Security QRadar Packet Capture contains multiple vulnerabilities. Vulnerability Details CVEID: CVE-2020-8201 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted HTTP request headers, an attack...
F5 Networks BIG-IP : Node.js vulnerability (K07944249)
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.4.4 / 15.1.4.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K07944249 advisory. - A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could...
SUSE: Security Advisory (SUSE-SU-2021:0061-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:3549-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2021:0062-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to a denial of service attack through a DNS lookup that returns a large number of responses (CVE-2020-8277)
Summary An App Connect Enterprise flow could trigger a denial of service if made to resolve a DNS lookup for an endpoint that returns a large number of responses Vulnerability Details CVEID: CVE-2020-8277 DESCRIPTION: Node.js is vulnerable to a denial of service. By getting the application to...
openSUSE: Security Advisory for nodejs14 (openSUSE-SU-2021:0066-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
EulerOS Virtualization 2.9.0 : c-ares (EulerOS-SA-2021-1756)
According to the version of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service i...
EulerOS Virtualization 2.9.1 : c-ares (EulerOS-SA-2021-1710)
According to the version of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service i...
Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2021-1756)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OESA-2021-1099 c-ares security update
This is c-ares, an asynchronous resolver library. It is intended for applications which need to perform DNS queries without blocking, or need to perform multiple. Security Fixes: A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Deni...
Security Bulletin: Streams Flows might be affected by some underlying Node.js vulnerabilities
Summary Streams Flows might be affected by some underlying Node.js vulnerabilities. Vulnerability Details CVEID: CVE-2020-8277 DESCRIPTION: Node.js is vulnerable to a denial of service. By getting the application to resolve a DNS record with a larger number of responses, an attacker could exploit...
Security Bulletin: IBM Watson OpenScale on Cloud Pak for Data is impacted by CVE-2020-8277
Summary IBM Watson OpenScale on Cloud Pak for Data has addressed CVE-2020-8277. Vulnerability Details CVEID: CVE-2020-8277 DESCRIPTION: Node.js is vulnerable to a denial of service. By getting the application to resolve a DNS record with a larger number of responses, an attacker could exploit thi...
Security Bulletin: IBM API Connect is vulnerable to denial of service (DoS) via Node.js (CVE-2020-8277)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-8277 DESCRIPTION: Node.js is vulnerable to a denial of service. By getting the application to resolve a DNS record with a larger number of responses, an attacker could exploit this vulnerabili...