Count: 40

Vulnerability | CVSS | EPSS | Published
---|---|---|---
CVE-2020-7598 minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload. | CVSS3: 5.6 | 0% (Low) | more than 5 years ago
CVE-2020-7598 minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload. | CVSS3: 5.6 | 0% (Low) | more than 5 years ago
CVE-2020-7598 minimist before 1.2.2 could be tricked into adding or modifying proper ... | CVSS3: 5.6 | 0% (Low) | more than 5 years ago
CVE-2020-11080 In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection. | CVSS3: 3.7 | 1% (Low) | about 5 years ago
CVE-2020-11080 In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection. | CVSS3: 7.5 | 1% (Low) | about 5 years ago
CVE-2020-11080 In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection. | CVSS3: 3.7 | 1% (Low) | about 5 years ago
CVE-2020-11080 | CVSS3: 7.5 | 1% (Low) | almost 5 years ago
CVE-2020-11080 In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS fra ... | CVSS3: 3.7 | 1% (Low) | about 5 years ago
GHSA-vh95-rmgr-6w4m Prototype Pollution in minimist | CVSS3: 5.6 | 0% (Low) | about 5 years ago
BDU:2021-02868 Vulnerability in the minimist library of the Аврора Центр application software, related to uncontrolled modification of object prototype attributes, allowing an attacker to carry out a "prototype pollution" attack | CVSS3: 5.6 | 0% (Low) | about 4 years ago
openSUSE-SU-2021:0468-1 Security update for nghttp2 | | 1% (Low) | about 4 years ago
SUSE-SU-2021:0931-1 Security update for nghttp2 | | 1% (Low) | about 4 years ago
SUSE-SU-2021:0930-1 Security update for nghttp2 | | 1% (Low) | about 4 years ago
RLSA-2020:2755 Important: nghttp2 security update | | 1% (Low) | almost 5 years ago
ELSA-2020-2755 ELSA-2020-2755: nghttp2 security update (IMPORTANT) | | | almost 5 years ago
BDU:2020-04461 Vulnerability in the nghttp2 library, related to errors in the use of allocated memory when processing HTTP/2 SETTINGS packets, allowing an attacker to cause a denial of service | CVSS3: 7.5 | 1% (Low) | about 5 years ago
SUSE-SU-2021:0932-1 Security update for nghttp2 | | | about 4 years ago
ELSA-2020-5807 ELSA-2020-5807: GraalVM Security update (IMPORTANT) | | | almost 5 years ago
ELSA-2020-5806 ELSA-2020-5806: GraalVM Security update (IMPORTANT) | | | almost 5 years ago
ELSA-2020-5765 ELSA-2020-5765: Unbreakable Enterprise kernel-container kata-image kata-runtime kata kubernetes kubernetes istio olcne security update (IMPORTANT) | | | almost 5 years ago