CVSS: 8.8EPSS: 3%CPEs: 5EXPL: 0CVE-2018-7160 – nodejs: Inspector DNS rebinding vulnerability
https://notcve.org/view.php?id=CVE-2018-7160
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access. El inspector de Node.js, en versiones 6.x y siguientes, es vulnerable a un ataque de reenlace DNS que podría explotarse para ejecutar código de forma remota. • https://nodejs.org/en/blog/vulnerability/march-2018-security-releases https://support.f5.com/csp/article/K63025104?utm_source=f5support&%3Butm_medium=RSS https://www.oracle.com//security-alerts/cpujul2021.html https://access.redhat.com/security/cve/CVE-2018-7160 https://bugzilla.redhat.com/show_bug.cgi?id=1561979 • CWE-20: Improper Input Validation CWE-290: Authentication Bypass by Spoofing CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action •
CVSS: 7.5EPSS: 4%CPEs: 6EXPL: 0CVE-2018-1000168 – nghttp2: Null pointer dereference when too large ALTSVC frame is received
https://notcve.org/view.php?id=CVE-2018-1000168
nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1. nghttp2 hasta la versión 1.10.0 y nghttp2 en versiones 1.31.0 y anteriores contienen una vulnerabilidad de validación incorrecta de entradas (CWE-20) en la gestión de tramas ALTSVC que puede resultar en un fallo de segmentación, lo que provoca una denegación de servicio (DoS). Este ataque parece ser explotable mediante un cliente de red. La vulnerabilidad parece haber sido solucionada en la versión 1.31.1 y posteriores. • http://www.securityfocus.com/bid/103952 https://access.redhat.com/errata/RHSA-2019:0366 https://access.redhat.com/errata/RHSA-2019:0367 https://lists.debian.org/debian-lts-announce/2021/10/msg00011.html https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1 https://nodejs.org/en/blog/vulnerability/june-2018-security-releases https://access.redhat.com/security/cve/CVE-2018-1000168 https://bugzilla.redhat.com/show_bug.cgi?id=1565035 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2017-15896
https://notcve.org/view.php?id=CVE-2017-15896
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption. Node.js se ha visto afectado por una vulnerabilidad de OpenSSL (CVE-2017-3737) en relación con el uso de SSL_read() debido a un error en la negociación TLS. El resultado era que un atacante de una red activa podría enviar datos de la aplicación a Node.js empleando los módulos TLS o HTTP2 de forma que omitan la autenticación y codificación TLS. • https://nodejs.org/en/blog/vulnerability/december-2017-security-releases •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2017-15897
https://notcve.org/view.php?id=CVE-2017-15897
Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases. Node.js tenía un bug en las versiones 8.X y 9.X que provocaba que los búfers no se inicializasen cuando la codificación para el valor de relleno no coincidía con la codificación especificada. Por ejemplo, "Buffer.alloc(0x100, "This is not correctly encoded", "hex");" La implementación del búfer se actualizó de tal forma que el búfer se inicializará con todo ceros en esos casos. • https://nodejs.org/en/blog/vulnerability/december-2017-security-releases • CWE-665: Improper Initialization •
CVSS: 5.9EPSS: 0%CPEs: 34EXPL: 0CVE-2017-3738 – openssl: rsaz_1024_mul_avx2 overflow bug on x86_64
https://notcve.org/view.php?id=CVE-2017-3738
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/102118 http://www.securitytracker.com/id/1039978 https://access.redhat.com/errata/RHSA-2018:0998 https://access.redhat.com/errata/RHSA-2018:2185 https://access.redhat.co • CWE-190: Integer Overflow or Wraparound CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •