Page 12 of 107 results (0.005 seconds)

CVSS: 5.9EPSS: 0%CPEs: 34EXPL: 0

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/102118 http://www.securitytracker.com/id/1039978 https://access.redhat.com/errata/RHSA-2018:0998 https://access.redhat.com/errata/RHSA-2018:2185 https://access.redhat.co • CWE-190: Integer Overflow or Wraparound CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 7%CPEs: 23EXPL: 0

Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter. Node.js en versiones anteriores a la 4.8.5, las versiones 6.x anteriores a la 6.11.5 y las versiones 8.x anteriores a la 8.8.0 permiten que atacantes remotos provoquen una denegación de servicio (excepción no detectada y cierre inesperado) aprovechando un cambio en el módulo zlib, versión 1.2.9, que hace que 8 sea un valor no válido para el parámetro windowsBits. • http://www.securityfocus.com/bid/101881 https://nodejs.org/en/blog/release/v4.8.5 https://nodejs.org/en/blog/release/v6.11.5 https://nodejs.org/en/blog/release/v8.8.0 https://nodejs.org/en/blog/vulnerability/oct-2017-dos • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path. Vulnerabilidad de salto de directorio en el módulo st en versiones anteriores a la 0.2.5 para Node.js permite que atacantes remotos lean archivos arbitrarios mediante un %2e%2e (punto punto de manera codificada) en una ruta no especificada. • http://www.openwall.com/lists/oss-security/2014/05/13/1 http://www.openwall.com/lists/oss-security/2014/05/15/2 http://www.securityfocus.com/bid/67389 https://github.com/isaacs/st https://nodesecurity.io/advisories/st_directory_traversal • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service. Node.js 4.0.0, 4.1.0 y 4.1.1 permite que atacantes remotos provoquen una denegación de servicio. • http://www.securityfocus.com/bid/101260 https://bugzilla.redhat.com/show_bug.cgi?id=1268791 https://github.com/nodejs/node/issues/3138 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 95%CPEs: 1EXPL: 0

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules. Node.js en versiones 8.5.0 anteriores a la 8.6.0 permite que los atacantes remotos accedan a archivos a los que no se debería acceder porque un cambio en el modo de manejar los ".." sería incompatible con el esquema de validación de nombres de ruta utilizado por módulos sin especificar de la comunidad. • http://www.securityfocus.com/bid/101056 https://nodejs.org/en/blog/vulnerability/september-2017-path-validation https://twitter.com/nodejs/status/913131152868876288 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •