Lucene search
+L

159 matches found

OPENSUSE Linux
OPENSUSE Linux
added 2021/01/15 12:0 a.m.56 views

Security update for nodejs12 (moderate)

openSUSE Security Update: Security update for nodejs12 Announcement ID: openSUSE-SU-2021:0064-1 Rating: moderate References: 1178882 1179491 1180553 1180554 Cross-References: CVE-2020-1971 CVE-2020-8265 CVE-2020-8277 CVE-2020-8287 Affected Products: openSUSE Leap 15.2 An update that fixes four...

8.1CVSS6.5AI score0.54164EPSS
Exploits6References4
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/15 6:47 p.m.42 views

Security Bulletin: Version 12.18.4 of Node.js included in IBM Netcool Operations Insight 1.6.2.x has a security vulnerability

Summary Security Bulletin: Version 12.18.4 of Node.js included in IBM Netcool Operations Insight 1.6.2.x has a security vulnerability Vulnerability Details CVEID: CVE-2020-8277 DESCRIPTION: Node.js is vulnerable to a denial of service. By getting the application to resolve a DNS record with a...

7.5CVSS1AI score0.54164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/11 4:3 p.m.48 views

Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js vulnerability

Summary IBM Cloud Transformation Advisor has addressed Node.js vulnerability CVE-2020-8277 Vulnerability Details CVEID: CVE-2020-8277 DESCRIPTION: Node.js is vulnerable to a denial of service. By getting the application to resolve a DNS record with a larger number of responses, an attacker could...

7.5CVSS0.7AI score0.54164EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.38 views

SUSE SLED15 / SLES15 Security Update : c-ares (SUSE-SU-2020:3478-1)

This update for c-ares fixes the following issues : Version update to 1.17.0 - CVE-2020-8277: Fixed a Denial of Service through DNS request bsc1178882 - For further details see https://c-ares.haxx.se/changelog.html Note that Tenable Network Security has extracted the preceding description block...

7.5CVSS7.5AI score0.54164EPSS
Exploits0References5
Veracode
Veracode
added 2020/12/02 9:51 a.m.38 views

Denial Of Service (DoS)

Node.js is vulnerable to Denial of Service. An attacker may trigger Denial of Service by sending DNS request and getting the application to resolve a DNS record with a larger number of response...

7.5CVSS2.9AI score0.54164EPSS
Exploits0References19Affected Software3
Tenable Nessus
Tenable Nessus
added 2020/11/30 12:0 a.m.43 views

openSUSE Security Update : c-ares (openSUSE-2020-2045)

This update for c-ares fixes the following issues : - Version update to 1.17.0 - CVE-2020-8277: Fixed a Denial of Service through DNS request bsc1178882 - For further details see https://c-ares.haxx.se/changelog.html This update was imported from the SUSE:SLE-15:Update update project. C Tenable...

7.5CVSS7.5AI score0.54164EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2020/11/28 12:0 a.m.42 views

Security update for c-ares (moderate)

openSUSE Security Update: Security update for c-ares Announcement ID: openSUSE-SU-2020:2092-1 Rating: moderate References: 1178882 Cross-References: CVE-2020-8277 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for c-ares fix...

7.5CVSS6.9AI score0.54164EPSS
Exploits0References1
ALT Linux
ALT Linux
added 2020/11/26 12:0 a.m.112 views

Security fix for the ALT Linux 9 package node version 14.15.1-alt1

14.15.1-alt1 built Nov. 26, 2020 Vitaly Lipatov in task 261957 Nov. 16, 2020 Vitaly Lipatov - new version 14.15.1 with rpmrb script - set c-ares = 1.16.1-alt2 - CVE-2020-8277: Denial of Service through DNS request High...

5CVSS7.7AI score0.54164EPSS
Exploits0
OPENSUSE Linux
OPENSUSE Linux
added 2020/11/26 12:0 a.m.38 views

Security update for c-ares (moderate)

openSUSE Security Update: Security update for c-ares Announcement ID: openSUSE-SU-2020:2045-1 Rating: moderate References: 1178882 Cross-References: CVE-2020-8277 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for c-ares fix...

7.5CVSS6.9AI score0.54164EPSS
Exploits0References1
OSV
OSV
added 2020/11/19 1:15 a.m.27 views

CVE-2020-8277

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions 15.2.1, 14.15.1, and 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and...

7.5CVSS6.4AI score
Exploits0References13
Prion
Prion
added 2020/11/19 1:15 a.m.32 views

Cross site request forgery (csrf)

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions 15.2.1, 14.15.1, and 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and...

5CVSS7.1AI score0.54164EPSS
Exploits0References13Affected Software8
Debian CVE
Debian CVE
added 2020/11/19 12:32 a.m.32 views

CVE-2020-8277

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions 15.2.1, 14.15.1, and 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and...

7.5CVSS7.2AI score0.54164EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2020/11/19 12:32 a.m.77 views

CVE-2020-8277

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions 15.2.1, 14.15.1, and 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and...

7.5CVSS7.6AI score0.54164EPSS
Exploits0
Cvelist
Cvelist
added 2020/11/19 12:32 a.m.27 views

CVE-2020-8277

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions 15.2.1, 14.15.1, and 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and...

7.4AI score0.54164EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2020/11/17 2:43 p.m.32 views

CVE-2020-8277

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions 15.2.1, 14.15.1, and 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and...

7.5CVSS7.4AI score0.54164EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2020/11/17 12:0 a.m.27 views

CVE-2020-8277

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions 15.2.1, 14.15.1, and 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and...

7.5CVSS6.9AI score0.54164EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2020/11/16 12:0 a.m.40 views

Node.js -- November 2020 Security Releases

Node.js reports: Updates are now available for v12.x, v14.x and v15.x Node.js release lines for the following issues. Denial of Service through DNS request CVE-2020-8277 A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of...

7.5CVSS2.4AI score0.54164EPSS
Exploits0References1
Node JS Blog
Node JS Blog
added 2020/11/16 12:0 a.m.46 views

November 2020 Security Releases

November 2020 Security Releases Update 16-Nov-2020 Security releases available Updates are now available for v12.x, v14.x and v15.x Node.js release lines for the following issues. Denial of Service through DNS request CVE-2020-8277 A Node.js application that allows an attacker to trigger a DNS...

7.5CVSS7AI score0.54164EPSS
Exploits0
Hacker One
Hacker One
added 2020/05/15 9:14 a.m.103 views

curl: Partial password leak over DNS on HTTP redirect

Summary: From version 7.62 curl and curllib leaks part of user credentials in the plain text DNS request. This happens if the server makes redirect, both 301 and 302 to a relative path eg header 'Location: /login'. It is NOT an issue in case of absolute redirection eg header 'Location:...

5CVSS7.6AI score0.03427EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2020/04/09 9:15 a.m.37 views

CVE-2016-2776

A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet...

7.8CVSS3.3AI score0.89482EPSS
Exploits7References2
Rows per page
Query Builder