CVE-2016-3956
https://notcve.org/view.php?id=CVE-2016-3956
The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers. La CLI en npm en versiones anteriores a 2.15.1 y 3.x en versiones anteriores a 3.8.3, tal como se utiliza en Node.js 0.10 en versiones anteriores a 0.10.44, 0.12 en versiones anteriores a 0.12.13, 4 en versiones anteriores a 4.4.2 y 5 en versiones anteriores a 5.10.0, incluye tokens portadores con peticiones arbitrarias, lo que permite a servidores HTTP remotos obtener información sensible leyendo cabeceras de autorización. • http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability http://www-01.ibm.com/support/docview.wss?uid=swg21980827 https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29 https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401 https://github.com/npm/npm/issues/8380 https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-4469 – OpenJDK Hotspot verifier heap corruption (6878713)
https://notcve.org/view.php?id=CVE-2010-4469
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and "backward jsrs." Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Oracle Java SE y Java for Business 6 Update 23 y versiones anteriores, 5.0 Update 27 y versiones anteriores y 1.4.2_29 y versiones anteriores permite a aplicaciones remotas Java Web Start no confiables y subprogramas Java no confiables afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con HotSpot. NOTA: la información previa fue obtenida de febrero 2011 CPU. • http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html http://marc.info/?l=bugtraq&m=133728004526190&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://secunia.com/advisories/43350 http://secunia.com/advisories/49198 http://security.gentoo.org/glsa/glsa-201406-32.xml http://www.debian.org/security/2011/dsa •
CVE-2010-4447 – JDK unspecified vulnerability in Deployment component
https://notcve.org/view.php?id=CVE-2010-4447
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment, a different vulnerability than CVE-2010-4475. Vulnerabilidad no especificada en el Java Runtime Environment (JRE) en Oracle Java SE y Java for Business 6 Update 23 y versiones anteriores, 5.0 Update 27 y versiones anteriores y 1.4.2_29 y versiones anteriores permite a aplicaciones Java Web Start remotas no confiables y applets de Java no confiables afectar la confidencialidad a través de vectores desconocidos relacionados con Deployment, una vulnerabilidad diferente a CVE-2010-4475. • http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html http://marc.info/?l=bugtraq&m=133728004526190&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://secunia.com/advisories/44954 http://secunia.com/advisories/49198 http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html http://www.redhat.com/support/erra •
CVE-2010-4454 – JDK unspecified vulnerability in Sound component
https://notcve.org/view.php?id=CVE-2010-4454
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4462 and CVE-2010-4473. Vulnerabilidad no especificada en el Java Runtime Environment (JRE) en Oracle Java SE y Java for Business 6 Update 23 y versiones anteriores, 5.0 Update 27 y versiones anteriores y 1.4.2_29 y versiones anteriores permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos relacionados con Sound y APIs no especificadas, una vulnerabilidad diferente a CVE-2010-4462 y CVE-2010-4473. • http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html http://marc.info/?l=bugtraq&m=133728004526190&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://secunia.com/advisories/44954 http://secunia.com/advisories/49198 http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html http://www •
CVE-2010-4448 – OpenJDK DNS cache poisoning by untrusted applets (6981922)
https://notcve.org/view.php?id=CVE-2010-4448
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets." Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Oracle Java SE y Java for Business 6 Update 23 y versiones anteriores, 5.0 Update 27 y versiones anteriores y 1.4.2_29 y versiones anteriores permite a aplicaciones remotas Java Web Start no confiables y subprogramas Java no confiables afectar a la integridad a través de vectores desconocidos relacionados con Networking. NOTA: la información previa fue obtenida de febrero 2011 CPU. • http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html http://marc.info/?l=bugtraq&m=133728004526190&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://secunia.com/advisor •