CVSS: 7.5EPSS: 93%CPEs: 32EXPL: 1CVE-2015-3194 – OpenSSL: Certificate verify crash with missing PSS parameter
https://notcve.org/view.php?id=CVE-2015-3194
03 Dec 2015 — crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. crypto/rsa/rsa_ameth.c en OpenSSL 1.0.1 en versiones anteriores a 1.0.1q y 1.0.2 en versiones anteriores a 1.0.2e permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de una firma RS... • https://github.com/Trinadh465/OpenSSL-1_0_1g_CVE-2015-3194 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2015-5380
https://notcve.org/view.php?id=CVE-2015-5380
09 Jul 2015 — The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence. La función de Utf8DecoderBase::WriteUtf16Slow en unicode.decoder.cc en Google V8, al igual que como se usa en ... • http://blog.nodejs.org/2015/07/03/node-v0-12-6-stable • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2015-0278 – Mandriva Linux Security Advisory 2015-228
https://notcve.org/view.php?id=CVE-2015-0278
06 May 2015 — libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors. libuv anterior a 0.10.34 no cancela correctamente los privilegios de grupo, lo que permite a atacantes dependientes de contexto ganar privilegios a través de vectores no especificados. It was found that libuv does not call setgoups before calling setuid/setgid. This may potentially allow an attacker to gain elevated privileges. The libuv library is bundled with n... • http://advisories.mageia.org/MGASA-2015-0186.html • CWE-273: Improper Check for Dropped Privileges •
CVSS: 10.0EPSS: 28%CPEs: 1EXPL: 2CVE-2014-7192 – Node Browserify 4.2.0 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2014-7192
11 Dec 2014 — Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file. Vulnerabilidad de inyección Eval en index.js en el paquete de errores de sintaxis anterior a 1.1.1 para Node.js 0.10.x, utilizado en IBM Rational Application Developer y otros productos, permite a atacantes remotos ejecutar código arbitrario a través de un fichero manipulad... • https://www.exploit-db.com/exploits/34090 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 1%CPEs: 145EXPL: 1CVE-2013-6668 – v8: multiple vulnerabilities fixed in Google Chrome version 33.0.1750.146
https://notcve.org/view.php?id=CVE-2013-6668
05 Mar 2014 — Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 anterior a 3.24.35.10, utilizado en Google Chrome anterior a 33.0.1750.146, permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. A memory corruption vulnerability, which re... • https://github.com/sdneon/CveTest •