
303 matches found

OSV
added 2020/10/19 7:13 a.m. · 32 views

RLSA-2020:4272 Moderate: nodejs:12 security and bug fix update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 12.18.4. Security Fixes: nodejs-dot-prop: prototype pollution CVE-2020-8116 nodejs:...

7.8 CVSS · 7.5 AI score · 0.05093 EPSS
Exploits 1 · References 6
Veracode
added 2020/09/24 10:38 a.m. · 34 views

Buffer Overflow

The implementation of realpath used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes...

7.8 CVSS · 3.3 AI score · 0.00714 EPSS
Exploits 0 · References 9 · Affected Software 5
OSV
added 2020/09/18 9:15 p.m. · 1 views

DEBIAN-CVE-2020-8252

The implementation of realpath in libuv 10.22.1, 12.18.4, and 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes...

7.8 CVSS · 6.7 AI score · 0.00714 EPSS
Exploits 0 · References 1
NVD
added 2020/09/18 9:15 p.m. · 25 views

CVE-2020-8252

The implementation of realpath in libuv 10.22.1, 12.18.4, and 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes...

7.8 CVSS · 0.00714 EPSS
Exploits 0 · References 8
OSV
added 2020/09/18 9:15 p.m. · 4 views

ALPINE-CVE-2020-8252

The implementation of realpath in libuv 10.22.1, 12.18.4, and 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes...

7.8 CVSS · 7.4 AI score · 0.00714 EPSS
Exploits 0 · References 1
Prion
added 2020/09/18 9:15 p.m. · 27 views

Buffer overflow

The implementation of realpath in libuv 10.22.1, 12.18.4, and 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes...

4.6 CVSS · 7.7 AI score · 0.00714 EPSS
Exploits 0 · References 8 · Affected Software 3
UbuntuCve
added 2020/09/18 9:15 p.m. · 32 views

CVE-2020-8252

The implementation of realpath in libuv 10.22.1, 12.18.4, and 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes...

7.8 CVSS · 7 AI score · 0.00714 EPSS
Exploits 0 · References 5
Cvelist
added 2020/09/18 8:11 p.m. · 28 views

CVE-2020-8252

The implementation of realpath in libuv 10.22.1, 12.18.4, and 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes...

7.9 AI score · 0.00714 EPSS
Exploits 0 · References 8
CVE
added 2020/09/18 8:11 p.m. · 306 views

CVE-2020-8252

CVE-2020-8252: Node.js uses libuv realpath.native with incorrect bounds checking, causing a buffer overflow when the resolved path exceeds 256 bytes. Affected libuv implementations are <10.22.1, <12.18.4, and

7.8 CVSS · 7.9 AI score · 0.00714 EPSS
Exploits 0 · References 8 · Affected Software 1
AlpineLinux
added 2020/09/18 8:11 p.m. · 62 views

CVE-2020-8252

The implementation of realpath in libuv 10.22.1, 12.18.4, and 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes...

7.8 CVSS · 8 AI score · 0.00714 EPSS
Exploits 0
Debian CVE
added 2020/09/18 8:11 p.m. · 29 views

CVE-2020-8252

The implementation of realpath in libuv 10.22.1, 12.18.4, and 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes...

7.8 CVSS · 6.8 AI score · 0.00714 EPSS
Exploits 0
RedhatCVE
added 2020/09/16 2:18 a.m. · 43 views

CVE-2020-8252

A flaw has been found in libuv. The realpath implementation performs an incorrect calculation when allocating a buffer, leading to a potential buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7.8 CVSS · 3.5 AI score · 0.00714 EPSS
Exploits 0 · References 3
FreeBSD
added 2020/09/08 12:0 a.m. · 52 views

Node.js -- September 2020 Security Releases

Node.js reports: Updates are now available for v10.x, v12.x and v14.x Node.js release lines for the following issues. HTTP Request Smuggling due to CR-to-Hyphen conversion High CVE-2020-8201 Affected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing...

7.8 CVSS · 1.5 AI score · 0.08794 EPSS
Exploits 0 · References 1
Hacker One
added 2020/08/24 3:18 p.m. · 169 views

Node.js: `fs.realpath.native` on darwin may cause buffer overflow

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary: The libuv's implementation of...

4.6 CVSS · 0.2 AI score · 0.00714 EPSS
Exploits 0
RedHat Linux
added 2020/04/28 3:31 p.m. · 5 views

exiv2: buffer overflow in samples/geotag.cpp

samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms other than Apple platforms where glibc is not used, possibly leading to a buffer overflow...

8.1 CVSS · 6.3 AI score · 0.01433 EPSS
Exploits 1 · References 4
Positive Technologies
added 2020/01/24 12:0 a.m. · 12 views

PT-2020-20060 · Node.Js +8 · Libuv +8

Name of the Vulnerable Software and Affected Versions: libuv versions prior to 10.22.1 libuv versions prior to 12.18.4 libuv versions prior to 14.9.0 Description: The issue arises from the incorrect determination of buffer size in the realpath implementation within libuv, which is used by Node.js...

9.8 CVSS · 7 AI score · 0.77385 EPSS
Exploits 33 · References 259
OpenVAS
added 2020/01/09 12:0 a.m. · 20 views

openSUSE: Security Advisory for samba (openSUSE-SU-2019:1755-1)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.5 CVSS · 6.9 AI score · 0.02179 EPSS
Exploits 0 · References 2
Veracode
added 2019/05/16 3:18 a.m. · 28 views

Arbitrary Code Execution

GNU C Library is vulnerable to arbitrary code execution attacks. This occurs in the stdlib/canonicalize.c when processing very long pathname arguments to the realpath function which may encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and potentially...

9.8 CVSS · 9.6 AI score · 0.074 EPSS
Exploits 0 · References 33 · Affected Software 1
Tenable Nessus
added 2019/03/27 12:0 a.m. · 35 views

openSUSE Security Update : glibc (openSUSE-2019-539)

This update for glibc fixes the following security issues : - CVE-2017-18269: An SSE2-optimized memmove implementation for i386 did not correctly perform the overlapping memory check if the source memory range spanned the middle of the address space, resulting in corrupt data being produced by the...

9.8 CVSS · 7.7 AI score · 0.074 EPSS
Exploits 3 · References 8
Tenable Nessus
added 2019/03/08 12:0 a.m. · 32 views

EulerOS Virtualization 2.5.2 : glibc (EulerOS-SA-2019-1086)

According to the version of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - stdlib/canonicalize.c in the GNU C Library aka glibc or libc6 2.27 and earlier, when processing very long pathname arguments to the...

9.8 CVSS · 8.8 AI score · 0.074 EPSS
Exploits 0 · References 2