Page 22 of 151 results (0.009 seconds)

CVSS: 7.5EPSS: 95%CPEs: 1EXPL: 0

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules. Node.js en versiones 8.5.0 anteriores a la 8.6.0 permite que los atacantes remotos accedan a archivos a los que no se debería acceder porque un cambio en el modo de manejar los ".." sería incompatible con el esquema de validación de nombres de ruta utilizado por módulos sin especificar de la comunidad. • http://www.securityfocus.com/bid/101056 https://nodejs.org/en/blog/vulnerability/september-2017-path-validation https://twitter.com/nodejs/status/913131152868876288 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0

node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption). node en su versión 0.3.2 y URONode en versiones anteriores a la 1.0.5r3 permite que los atacantes remotos provoquen una denegación de servicio (consumo de ancho de banda). • http://www.openwall.com/lists/oss-security/2015/04/06/3 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777013 https://bugzilla.redhat.com/show_bug.cgi?id=1209781 https://support.f5.com/csp/article/K64462543?utm_source=f5support&amp%3Butm_medium=RSS • CWE-399: Resource Management Errors •

CVSS: 7.5EPSS: 0%CPEs: 100EXPL: 0

Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup. Node.js versión v4.0 hasta v4.8.3, todas las versiones de v5.x, versión v6.0 hasta v6.11.0, versión v7.0 hasta v7.10.0, y versión v8.0 hasta v8.1.3, fue susceptible a ataques DoS remotos de inundación de hash ya que el seed HashTable fue constante en una versión dada de Node.js. Esto fue el resultado de la compilación con instantáneas V8 habilitadas por defecto, lo que causó que el seed aleatorizado inicialmente se sobrescribiera en el arranque. It was found that Node.js was using a non-randomized seed when populating hash tables. • http://www.securityfocus.com/bid/99959 https://access.redhat.com/errata/RHSA-2017:2908 https://access.redhat.com/errata/RHSA-2017:3002 https://nodejs.org/en/blog/vulnerability/july-2017-security-releases https://access.redhat.com/security/cve/CVE-2017-11499 https://bugzilla.redhat.com/show_bug.cgi?id=1475327 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0

The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. La función "ares_parse_naptr_reply()" de c-ares, que es usada para analizar las respuestas NAPTR, podría ser activada para leer la memoria fuera del búfer de entrada dado si el pasado en el paquete de respuesta DNS fue creado de una manera particular. • http://www.securityfocus.com/bid/99148 https://c-ares.haxx.se/0616.patch https://c-ares.haxx.se/adv_20170620.html https://access.redhat.com/security/cve/CVE-2017-1000381 https://bugzilla.redhat.com/show_bug.cgi?id=1463132 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.9EPSS: 0%CPEs: 21EXPL: 0

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/95814 http://www.securitytracker.com/id/1037717 https://access.redhat.com/errata/RHSA-2018:2185 https://access.redhat.com/errata/RHSA-2018:2186 https://access.redhat.com/errata/RHSA-2018:2187 https://access.redhat.com/errata/RHSA-2018:2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •