A Node.js application that allows an malicious user to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.
|Vulnerable Product||Search on Vulmon||Subscribe to Product|
fedoraproject fedora 33
CVE-2020-8277 For educational purposes only Quick Run # clone this repository $ git clone githubcom/masahiro331/CVE-2020-8277 # run bind $ docker build -t bind-local /bind # Need TCP fallback $ docker run --rm --name bind -it -p 53:53 -p 53:53/udp bind # use "< v1521" version # If you use fixed version, build node $ git clone githubcom
PoC in GitHub 2020 CVE-2020-0014 (2020-02-13) It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android