CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-7191 – nodejs-qs: Denial-of-Service Memory Exhaustion
https://notcve.org/view.php?id=CVE-2014-7191
19 Oct 2014 — The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array. El módulo qs anterior a 1.0.0 en Node.js no llama a la función 'compact' en la matriz de datos, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria) usando un valor largo del index para crear una matriz dispersa. The nodejs-qs module has the ability t... • http://secunia.com/advisories/60026 • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 4%CPEs: 8EXPL: 1CVE-2014-6394 – Apple Security Advisory 2015-09-16-2
https://notcve.org/view.php?id=CVE-2014-6394
08 Oct 2014 — visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory. visionmedia send anterior a 0.8.4 para Node.js utiliza una comparación parcial para verificar si un directorio está dentro del root del documento, lo que permite a atacantes remotos acceder a directorios restringidos, tal y como fue demostrado med... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.4EPSS: 89%CPEs: 28EXPL: 7CVE-2014-0224 – openssl: SSL/TLS MITM vulnerability
https://notcve.org/view.php?id=CVE-2014-0224
05 Jun 2014 — OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m y 1.0.1 anterior a 1.0.1h no restringe debidamente el proce... • https://packetstorm.news/files/id/180961 • CWE-326: Inadequate Encryption Strength CWE-841: Improper Enforcement of Behavioral Workflow •