Page 6 of 31 results (0.018 seconds)

CVSS: 7.5EPSS: 8%CPEs: 61EXPL: 0

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. Desbordamiento de entero en la función EVP_EncodeUpdate en crypto/evp/encode.c en OpenSSL en versiones anteriores a 1.0.1t y 1.0.2 en versiones anteriores a 1.0.2h permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria dinámica) a través de una gran cantidad de datos binarios. An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-05/ • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •

CVSS: 5.9EPSS: 96%CPEs: 60EXPL: 2

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. La implementación de AES-NI en OpenSSL en versiones anteriores a 1.0.1t y 1.0.2 en versiones anteriores a 1.0.2h no considera la asignación de memoria durante una comprobación de relleno determinada, lo que permite a atacantes remotos obtener información de texto claro sensible a través de un ataque de padding-oracle contra una sesión AES CBC . NOTA: esta vulnerabilidad existe debido a una corrección incorrecta para CVE-2013-0169. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. • https://www.exploit-db.com/exploits/39768 https://github.com/FiloSottile/CVE-2016-2107 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html http://lists.opensuse.org/opensuse-security • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •

CVSS: 7.5EPSS: 0%CPEs: 74EXPL: 0

Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. Node.js 0.10.x en versiones anteriores a 0.10.42, 0.12.x en versiones anteriores a 0.12.10, 4.x en versiones anteriores a 4.3.0 y 5.x en versiones anteriores a 5.6.0 permite a atacantes remotos llevar a cabo ataques de contrabando de peticiones HTTP a través de una cabecera Content-Length HTTP. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177184.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177673.html http://www.securityfocus.com/bid/83282 https://nodejs.org/en/blog/vulnerability/february-2016-security-releases https://security.gentoo.org/glsa/201612-43 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 85EXPL: 0

The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a. El código de interpretacción de cabecera HTTP en Node.js 0.10.x en versiones anteriores a 0.10.42, 0.11.6 hasta la versión 0.11.16, 0.12.x en versiones anteriores a 0.12.10, 4.x en versiones anteriores a 4.3.0 y 5.x en versiones anteriores a 5.6.0 permite a atacantes remotos eludir un mecanismo de protección de separación de respuesta HTTP a través de caracteres Unicode codificados en UTF-8 en la cabecera HTTP, según lo demonstrado mediante %c4%8d%c4%8a. Node.js suffers from an HTTP response splitting vulnerability. Node.js versions 5.6.0, 4.3.0, 0.12.10, and 0.10.42 contain a fix for this vulnerability. • http://blog.safebreach.com/2016/02/09/http-response-splitting-in-node-js-root-cause-analysis http://info.safebreach.com/hubfs/Node-js-Response-Splitting.pdf http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177184.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177673.html http://packetstormsecurity.com/files/135711/Node.js-HTTP-Response-Splitting.html http://www.securityfocus.com/bid/83141 https://nodejs.org/en/blog/vulnerability/february-2016-security-re • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 3%CPEs: 14EXPL: 0

Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request. Node.js 0.12.x en versiones anteriores a 0.12.9, 4.x en versiones anteriores a 4.2.3 y 5.x en versiones anteriores a 5.1.1 no asegura la disponibilidad de un analizador para cada socket HTTP, lo que permite a atacantes remotos provocar una denegación de servicio (uncaughtException e interrupción de servicio) a través de una petición HTTP con pipelining. • http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html http://www-01.ibm.com/support/docview.wss?uid=swg1IV79524 http://www-01.ibm.com/support/docview.wss?uid=swg21972419 http://www.securityfocus.com/bid/78207 https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764 https://nodejs.org/en/blog/vulnerability/december-2015-security-releases https://security.gentoo.org/glsa/201612-43 • CWE-17: DEPRECATED: Code •