Page 5 of 43 results (0.017 seconds)

CVSS: 8.8EPSS: 0%CPEs: 36EXPL: 0

CVE-2016-9842 – zlib: Undefined left shift of negative number

https://notcve.org/view.php?id=CVE-2016-9842

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. La función inflateMark en inflate.c en zlib 1.2.8 podría permitir que los atacantes dependientes del contexto tener un impacto no especificado a través de vectores que implican cambios a la izquierda de enteros negativos. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html http://www.openwall.com/lists/oss-security/2016/12/05/21 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/95131 http://www.securitytracker.com/id/1039427 https:/&# •

CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 0

CVE-2016-7055 – openssl: Carry propagating bug in Montgomery multiplication

https://notcve.org/view.php?id=CVE-2016-7055

There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/94242 http://www.securitytracker.com/id/1037261 https://access.redhat.com/errata/RHSA-2018:2185 https://access.redhat.com/errata/RHSA-2018:2186 https://access.redhat.com/errata/RHSA-2018:2187 https://h20566.www2.hpe.com/hpsc/doc/public • CWE-682: Incorrect Calculation •

CVSS: 6.1EPSS: 0%CPEs: 98EXPL: 0

CVE-2016-5325 – nodejs: reason argument in ServerResponse#writeHead() not properly validated

https://notcve.org/view.php?id=CVE-2016-5325

CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument. Vulnerabilidad de inyección CRLF en la función ServerResponse#writeHead en Node.js 0.10.x en versiones anteriores a 0.10.47, 0.12.x en versiones anteriores a 0.12.16, 4.x en versiones anteriores a 4.6.0 y 6.x en versiones anteriores a 6.7.0 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de separación de respuesta HTTP a través del argumento de la razón. It was found that the reason argument in ServerResponse#writeHead() was not properly validated. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially-crafted HTTP request. • http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html http://rhn.redhat.com/errata/RHSA-2017-0002.html http://www.securityfocus.com/bid/93483 https://access.redhat.com/errata/RHSA-2016:2101 https://github.com/nodejs/node/commit/c0f13e56a20f9bde5a67d873a7f9564487160762 https://nodejs.org/en/blog/vulnerability/september-2016-security-releases https://security.gentoo.org/glsa/201612-43 https://access.redhat.com/security/cve/CVE-2016-5325 https://bugzilla.redhat.com/show_bug • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •

CVSS: 7.4EPSS: 0%CPEs: 98EXPL: 0

CVE-2016-7099 – nodejs: wildcard certificates not properly validated

https://notcve.org/view.php?id=CVE-2016-7099

The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. La función tls.checkServerIdentity en Node.js 0.10.x en versiones anteriores a 0.10.47, 0.12.x en versiones anteriores a 0.12.16, 4.x en versiones anteriores a 4.6.0 y 6.x en versiones anteriores a 6.7.0 no maneja adecuadamente comodines en los campos de nombres de certificados X.509, lo que permite a atacantes man-in-the-middle suplantar servidores a través de un certificado manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html http://rhn.redhat.com/errata/RHSA-2017-0002.html http://www.securityfocus.com/bid/93191 https://github.com/nodejs/node/commit/743f0c916469f3129dfae406fa104dc46782e20b https://nodejs.org/en/blog/vulnerability/september-2016-security-releases https://access.redhat.com/security/cve/CVE-2016-7099 https://bugzilla.redhat.com/show_bug.cgi?id=1379921 • CWE-19: Data Processing Errors •

CVSS: 9.8EPSS: 4%CPEs: 32EXPL: 0

CVE-2016-5180 – c-ares: Single byte out of buffer write

https://notcve.org/view.php?id=CVE-2016-5180

Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot. Desbordamiento de búfer basado en memoria dinámica en la función ares_create_query en c-ares 1.x en versiones anteriores a 1.12.0 permite a atacantes remotos provocar una denegación de servicio (escritura fuera de límites) o posiblemente ejecutar código arbitrario a través de un nombre de host con puntos finales de fuga. A vulnerability was found in c-ares. A hostname with an escaped trailing dot (such as "hello\.") would have its size calculated incorrectly, leading to a single byte written beyond the end of a buffer on the heap. An attacker able to provide such a hostname to an application using c-ares, could potentially cause that application to crash. • http://rhn.redhat.com/errata/RHSA-2017-0002.html http://www.debian.org/security/2016/dsa-3682 http://www.securityfocus.com/bid/93243 http://www.ubuntu.com/usn/USN-3143-1 https://c-ares.haxx.se/CVE-2016-5180.patch https://c-ares.haxx.se/adv_20160929.html https://googlechromereleases.blogspot.in/2016/09/stable-channel-updates-for-chrome-os.html https://security.gentoo.org/glsa/201701-28 https://source.android.com/security/bulletin/2017-01-01.html https://access&# • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •