CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 1CVE-2021-22884 – nodejs: DNS rebinding in --inspect
https://notcve.org/view.php?id=CVE-2021-22884
28 Feb 2021 — Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in ... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-20: Improper Input Validation CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action •
CVSS: 7.8EPSS: 92%CPEs: 17EXPL: 0CVE-2021-22883 – nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion
https://notcve.org/view.php?id=CVE-2021-22883
28 Feb 2021 — Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory. N... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 0CVE-2021-23839 – Incorrect SSLv2 rollback protection
https://notcve.org/view.php?id=CVE-2021-23839
16 Feb 2021 — OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2 is supposed to reject connection attempts from a client where this special form of padding is present, because this i... • https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.9EPSS: 0%CPEs: 38EXPL: 2CVE-2021-23841 – Null pointer deref in X509_issuer_and_serial_hash()
https://notcve.org/view.php?id=CVE-2021-23841
16 Feb 2021 — The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never di... • https://github.com/Trinadh465/external_boringssl_openssl_1.1.0g_CVE-2021-23841 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 67EXPL: 1CVE-2021-23840 – Integer overflow in CipherUpdate
https://notcve.org/view.php?id=CVE-2021-23840
16 Feb 2021 — Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrad... • https://github.com/Trinadh465/openssl-1.1.1g_CVE-2021-23840 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-28928 – Ubuntu Security Notice USN-5990-1
https://notcve.org/view.php?id=CVE-2020-28928
24 Nov 2020 — In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow). En musl libc versiones hasta 1.2.1, wcsnrtombs maneja inapropiadamente combinaciones particulares de tamaño de búfer de destino y límite de caracteres de origen, como es demostrado por un acceso de escritura no válido (desbordamiento de búfer) It was discovered that musl did not handle certain i386 math functions proper... • http://www.openwall.com/lists/oss-security/2020/11/20/4 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 3CVE-2020-7774 – Prototype Pollution
https://notcve.org/view.php?id=CVE-2020-7774
17 Nov 2020 — The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution. El paquete y18n anterior a las versiones 3.2.2, 4.0.1 y 5.0.5, es vulnerable a la contaminación de prototipos A flaw was found in nodejs-y18n. There is a prototype pollution vulnerability in y18n's locale functionality. If an attacker is able to provide untrusted input via locale, they may be able to cause denial of service or in rare circumstances, impact to data integrity or confidentiality. Red Hat OpenShift Container S... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 7.7EPSS: 0%CPEs: 8EXPL: 0CVE-2019-16775 – Unauthorized File Access in npm CLI before before version 6.13.3
https://notcve.org/view.php?id=CVE-2019-16775
13 Dec 2019 — Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignor... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html • CWE-20: Improper Input Validation CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •