CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-7384
https://notcve.org/view.php?id=CVE-2015-7384
10 Oct 2017 — Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service. Node.js 4.0.0, 4.1.0 y 4.1.1 permite que atacantes remotos provoquen una denegación de servicio. • http://www.securityfocus.com/bid/101260 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 1%CPEs: 4EXPL: 0CVE-2015-2927
https://notcve.org/view.php?id=CVE-2015-2927
20 Sep 2017 — node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption). node en su versión 0.3.2 y URONode en versiones anteriores a la 1.0.5r3 permite que los atacantes remotos provoquen una denegación de servicio (consumo de ancho de banda). • http://www.openwall.com/lists/oss-security/2015/04/06/3 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 100EXPL: 0CVE-2017-11499 – nodejs: Constant Hashtable Seeds vulnerability
https://notcve.org/view.php?id=CVE-2017-11499
25 Jul 2017 — Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup. Node.js versión v4.0 hasta v4.8.3, todas las versiones de v5.x, versión v6.0 hasta v6.11.0, versión v7.0 hasta v7.10.0, y ... • http://www.securityfocus.com/bid/99959 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2017-1000381 – c-ares: NAPTR parser out of bounds access
https://notcve.org/view.php?id=CVE-2017-1000381
07 Jul 2017 — The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. La función "ares_parse_naptr_reply()" de c-ares, que es usada para analizar las respuestas NAPTR, podría ser activada para leer la memoria fuera del búfer de entrada dado si el pasado en el paquete de respuesta DNS fue creado de una manera particular. It was discovered that c-ares i... • http://www.securityfocus.com/bid/99148 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 14%CPEs: 22EXPL: 0CVE-2017-3731 – Truncated packet could crash via OOB read
https://notcve.org/view.php?id=CVE-2017-3731
26 Jan 2017 — If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k. Si un servidor o cliente SSL/TLS se ejecuta en un hos... • http://rhn.redhat.com/errata/RHSA-2017-0286.html • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 5%CPEs: 21EXPL: 0CVE-2017-3732 – BN_mod_exp may produce incorrect results on x86_64
https://notcve.org/view.php?id=CVE-2017-3732
26 Jan 2017 — There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources requi... • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2014-9772
https://notcve.org/view.php?id=CVE-2014-9772
23 Jan 2017 — The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters. El paquete validator en versiones anteriores a 2.0.0 para Node.js permite a atacantes remotos eludir el filtro de secuencias de comandos en sitios cruzados (XSS) a través de caracteres hex codificados. • http://www.openwall.com/lists/oss-security/2016/04/20/11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-8855
https://notcve.org/view.php?id=CVE-2015-8855
23 Jan 2017 — The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." El paquete semver en versiones anteriores a 4.3.2 para Node.js permite a atacantes provocar una denegación de servicio (consumo de CPU) a través de una cadena de versión larga, vulnerabilidad también conocida como "denegación de servicio de expresión regular (ReDoS)". • http://www.openwall.com/lists/oss-security/2016/04/20/11 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8860
https://notcve.org/view.php?id=CVE-2015-8860
23 Jan 2017 — The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive. El paquete tar en versiones anteriores a 2.0.0 para Node.js permite a atacantes remotos ercribir archivos arbitrarios a través de un ataque de enlace simbólico en un archivo. • http://www.openwall.com/lists/oss-security/2016/04/20/11 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-7451
https://notcve.org/view.php?id=CVE-2013-7451
23 Jan 2017 — The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag. El módulo validator en versiones anteriores a 1.1.0 para Node.js permite a atacantes remotos eludir el filtro XSS a través de una etiqueta anidada. • http://www.openwall.com/lists/oss-security/2016/04/20/11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •