Published: 24/07/2020 Updated: 12/05/2022

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nodejs node.js
oracle banking extensibility workbench 14.4.0
oracle banking extensibility workbench 14.3.0
oracle retail xstore point of service 16.0.6
oracle retail xstore point of service 17.0.4
oracle retail xstore point of service 18.0.3
oracle retail xstore point of service 19.0.2
oracle retail xstore point of service 20.0.1
oracle mysql cluster
oracle blockchain platform
netapp snapcenter -
netapp oncommand workflow automation -
netapp oncommand insight -
netapp active iq unified manager -

Debian Bug report logs - #962145 nodejs: CVE-2020-11080 CVE-2020-8172 CVE-2020-8174 (June 2020 security release) Package: src:nodejs; Maintainer for src:nodejs is Debian Javascript Maintainers <pkg-javascript-devel@alioth-listsdebiannet>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 3 Jun 2020 1 ...

Two vulnerabilities were discovered in Nodejs, which could result in denial of service and potentially the execution of arbitrary code For the stable distribution (buster), these problems have been fixed in version 10210~dfsg-1~deb10u1 We recommend that you upgrade your nodejs packages For the detailed security status of nodejs please refer t ...

Synopsis Important: nodejs:10 security update Type/Severity Security Advisory: Important Topic An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 81 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulner ...

Synopsis Moderate: OpenShift Container Platform 458 security update Type/Severity Security Advisory: Moderate Topic An update for cluster-network-operator-container, cluster-version-operator-container, elasticsearch-operator-container, logging-kibana6-container, and ose-cluster-svcat-controller-manager-op ...

Synopsis Important: nodejs:10 security update Type/Severity Security Advisory: Important Topic An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CV ...

Synopsis Important: nodejs:12 security update Type/Severity Security Advisory: Important Topic An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 81 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulner ...

Synopsis Important: nodejs:12 security update Type/Severity Security Advisory: Important Topic An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CV ...

Synopsis Important: rh-nodejs12-nodejs security update Type/Severity Security Advisory: Important Topic An update for rh-nodejs12-nodejs is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...

Synopsis Important: nodejs:10 security update Type/Severity Security Advisory: Important Topic An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 80 Update Services for SAP SolutionsRed Hat Product Security has rated this update as having a security impact of Important A Com ...

Synopsis Important: rh-nodejs10-nodejs security update Type/Severity Security Advisory: Important Topic An update for rh-nodejs10-nodejs is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...

Critical Infrastructure Sectors: Energy

Prometheus Exporter for ECR Image Scan Findings

aws-ecr-image-scan-findings-prometheus-exporter Prometheus Exporter for ECR Image Scan Findings Preparation Copy envrcsample to envrc and load them $ cp envrcsample envrc # edit it if needed # source envrc name default required description AWS_API_INTERVAL 300 false Duration time to call AWS API (in seconds) IMAGE_TAGS -

CWE-191 https://hackerone.com/reports/784186 https://www.oracle.com/security-alerts/cpuoct2020.html https://security.netapp.com/advisory/ntap-20201023-0003/https://security.gentoo.org/glsa/202101-07 https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuapr2022.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962145 https://nvd.nist.gov https://github.com/chaspy/aws-ecr-image-scan-findings-prometheus-exporter https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-02 https://www.debian.org/security/2020/dsa-4696

CVE-2020-8174

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect