Lucene search
+L

321 matches found

RedHat Linux
RedHat Linux
added 2020/07/07 5:48 p.m.9 views

nodejs: TLS session reuse can lead to hostname verification bypass

A TLS Hostname verification bypass vulnerability exists in NodeJS. This flaw allows an attacker to bypass TLS Hostname verification when a TLS client reuses HTTPS sessions...

7.4CVSS7.4AI score0.06065EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2020/07/07 9:14 a.m.43 views

nodejs: TLS session reuse can lead to hostname verification bypass

A TLS Hostname verification bypass vulnerability exists in NodeJS. This flaw allows an attacker to bypass TLS Hostname verification when a TLS client reuses HTTPS sessions...

7.4CVSS7.4AI score0.06065EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2020/07/07 12:0 a.m.50 views

RHEL 8 : nodejs:12 (RHSA-2020:2847)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2847 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

9.3CVSS7.7AI score0.07646EPSS
Exploits4References10
Tenable Nessus
Tenable Nessus
added 2020/06/18 12:0 a.m.52 views

SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2020:1606-1)

This update for nodejs12 fixes the following issues : nodejs12 was updated to version 12.18.0 CVE-2020-8174: Fixed multiple memory corruption in napigetvaluestring bsc1172443. CVE-2020-8172: Fixed am issue where TLS session reuse could have led to host certificate verification bypass bsc1172441...

9.3CVSS7.4AI score0.07646EPSS
Exploits4References14
OSV
OSV
added 2020/06/11 10:10 a.m.11 views

SUSE-SU-2020:1606-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: nodejs12 was updated to version 12.18.0 - CVE-2020-8174: Fixed multiple memory corruption in napigetvaluestring bsc1172443. - CVE-2020-8172: Fixed am issue where TLS session reuse could have led to host certificate verification bypass bsc117244...

9.3CVSS6.9AI score0.07646EPSS
Exploits4References10
NVD
NVD
added 2020/06/08 2:15 p.m.25 views

CVE-2020-8172

TLS session reuse can lead to host certificate verification bypass in node version 12.18.0 and 14.4.0...

7.4CVSS7.5AI score0.06065EPSS
Exploits1References9
OSV
OSV
added 2020/06/08 2:15 p.m.5 views

ALPINE-CVE-2020-8172

TLS session reuse can lead to host certificate verification bypass in node version 12.18.0 and 14.4.0...

7.4CVSS6.9AI score0.06065EPSS
Exploits1References1
OSV
OSV
added 2020/06/08 2:15 p.m.28 views

CVE-2020-8172

TLS session reuse can lead to host certificate verification bypass in node version 12.18.0 and 14.4.0...

7.4CVSS6.5AI score
Exploits0References9
UbuntuCve
UbuntuCve
added 2020/06/08 2:15 p.m.36 views

CVE-2020-8172

TLS session reuse can lead to host certificate verification bypass in node version 12.18.0 and 14.4.0...

7.4CVSS6.9AI score0.06065EPSS
Exploits1References4
Prion
Prion
added 2020/06/08 2:15 p.m.30 views

Design/Logic Flaw

TLS session reuse can lead to host certificate verification bypass in node version 12.18.0 and 14.4.0...

5.8CVSS7.3AI score0.06065EPSS
Exploits1References9Affected Software5
OSV
OSV
added 2020/06/08 2:15 p.m.6 views

UBUNTU-CVE-2020-8172

TLS session reuse can lead to host certificate verification bypass in node version 12.18.0 and 14.4.0...

7.4CVSS6.9AI score0.06065EPSS
Exploits1References5
CVE
CVE
added 2020/06/08 1:8 p.m.214 views

CVE-2020-8172

CVE-2020-8172 affects Node.js TLS session reuse that can bypass host certificate verification in Node.js versions prior to 12.18.0 and 14.4.0. Connected advisories confirm the issue and indicate remediation via upgrading Node.js to patched releases. The ALSA advisory notes the security fix upgrad...

7.4CVSS7.4AI score0.06065EPSS
Exploits1References9Affected Software1
Debian CVE
Debian CVE
added 2020/06/08 1:8 p.m.37 views

CVE-2020-8172

TLS session reuse can lead to host certificate verification bypass in node version 12.18.0 and 14.4.0...

7.4CVSS8AI score0.06065EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2020/06/08 1:8 p.m.39 views

CVE-2020-8172

TLS session reuse can lead to host certificate verification bypass in node version 12.18.0 and 14.4.0...

7.4CVSS7.6AI score0.06065EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2020/05/20 5:35 p.m.6 views

OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to...

5.3CVSS6.7AI score0.04948EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/05/20 4:46 p.m.6 views

OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to...

5.3CVSS6.7AI score0.04948EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/05/20 4:26 p.m.6 views

OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to...

5.3CVSS6.7AI score0.04948EPSS
Exploits0References4
OSV
OSV
added 2020/05/18 2:15 p.m.5 views

CVE-2020-12258

rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. The application can reuse a session via PHPSESSID. Also, an attacker can exploit this vulnerability in conjunction with CVE-2020-12256 or CVE-2020-12259...

9.1CVSS6.3AI score0.01708EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/04/22 9:16 a.m.5 views

OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to...

5.3CVSS6.7AI score0.04948EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/04/21 4:34 p.m.6 views

OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to...

5.3CVSS6.7AI score0.04948EPSS
Exploits0References4
Rows per page
Query Builder