159 matches found
Security update for nodejs12 (moderate)
openSUSE Security Update: Security update for nodejs12 Announcement ID: openSUSE-SU-2021:0064-1 Rating: moderate References: 1178882 1179491 1180553 1180554 Cross-References: CVE-2020-1971 CVE-2020-8265 CVE-2020-8277 CVE-2020-8287 Affected Products: openSUSE Leap 15.2 An update that fixes four...
Security Bulletin: Version 12.18.4 of Node.js included in IBM Netcool Operations Insight 1.6.2.x has a security vulnerability
Summary Security Bulletin: Version 12.18.4 of Node.js included in IBM Netcool Operations Insight 1.6.2.x has a security vulnerability Vulnerability Details CVEID: CVE-2020-8277 DESCRIPTION: Node.js is vulnerable to a denial of service. By getting the application to resolve a DNS record with a...
Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerability
Summary IBM Cloud Transformation Advisor has addressed Node.js vulnerability CVE-2020-8277 Vulnerability Details CVEID: CVE-2020-8277 DESCRIPTION: Node.js is vulnerable to a denial of service. By getting the application to resolve a DNS record with a larger number of responses, an attacker could...
SUSE SLED15 / SLES15 Security Update : c-ares (SUSE-SU-2020:3478-1)
This update for c-ares fixes the following issues : Version update to 1.17.0 - CVE-2020-8277: Fixed a Denial of Service through DNS request bsc1178882 - For further details see https://c-ares.haxx.se/changelog.html Note that Tenable Network Security has extracted the preceding description block...
Denial Of Service (DoS)
Node.js is vulnerable to Denial of Service. An attacker may trigger Denial of Service by sending DNS request and getting the application to resolve a DNS record with a larger number of response...
openSUSE Security Update : c-ares (openSUSE-2020-2045)
This update for c-ares fixes the following issues : - Version update to 1.17.0 - CVE-2020-8277: Fixed a Denial of Service through DNS request bsc1178882 - For further details see https://c-ares.haxx.se/changelog.html This update was imported from the SUSE:SLE-15:Update update project. C Tenable...
Security update for c-ares (moderate)
openSUSE Security Update: Security update for c-ares Announcement ID: openSUSE-SU-2020:2092-1 Rating: moderate References: 1178882 Cross-References: CVE-2020-8277 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for c-ares fix...
Security fix for the ALT Linux 9 package node version 14.15.1-alt1
14.15.1-alt1 built Nov. 26, 2020 Vitaly Lipatov in task 261957 Nov. 16, 2020 Vitaly Lipatov - new version 14.15.1 with rpmrb script - set c-ares = 1.16.1-alt2 - CVE-2020-8277: Denial of Service through DNS request High...
Security update for c-ares (moderate)
openSUSE Security Update: Security update for c-ares Announcement ID: openSUSE-SU-2020:2045-1 Rating: moderate References: 1178882 Cross-References: CVE-2020-8277 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for c-ares fix...
CVE-2020-8277
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions 15.2.1, 14.15.1, and 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and...
Cross site request forgery (csrf)
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions 15.2.1, 14.15.1, and 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and...
CVE-2020-8277
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions 15.2.1, 14.15.1, and 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and...
CVE-2020-8277
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions 15.2.1, 14.15.1, and 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and...
CVE-2020-8277
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions 15.2.1, 14.15.1, and 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and...
CVE-2020-8277
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions 15.2.1, 14.15.1, and 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and...
CVE-2020-8277
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions 15.2.1, 14.15.1, and 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and...
Node.js -- November 2020 Security Releases
Node.js reports: Updates are now available for v12.x, v14.x and v15.x Node.js release lines for the following issues. Denial of Service through DNS request CVE-2020-8277 A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of...
November 2020 Security Releases
November 2020 Security Releases Update 16-Nov-2020 Security releases available Updates are now available for v12.x, v14.x and v15.x Node.js release lines for the following issues. Denial of Service through DNS request CVE-2020-8277 A Node.js application that allows an attacker to trigger a DNS...
curl: Partial password leak over DNS on HTTP redirect
Summary: From version 7.62 curl and curllib leaks part of user credentials in the plain text DNS request. This happens if the server makes redirect, both 301 and 302 to a relative path eg header 'Location: /login'. It is NOT an issue in case of absolute redirection eg header 'Location:...
CVE-2016-2776
A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet...