CVE-2015-7384
https://notcve.org/view.php?id=CVE-2015-7384
Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service. Node.js 4.0.0, 4.1.0 y 4.1.1 permite que atacantes remotos provoquen una denegación de servicio. • http://www.securityfocus.com/bid/101260 https://bugzilla.redhat.com/show_bug.cgi?id=1268791 https://github.com/nodejs/node/issues/3138 • CWE-400: Uncontrolled Resource Consumption •
CVE-2015-2927
https://notcve.org/view.php?id=CVE-2015-2927
node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption). node en su versión 0.3.2 y URONode en versiones anteriores a la 1.0.5r3 permite que los atacantes remotos provoquen una denegación de servicio (consumo de ancho de banda). • http://www.openwall.com/lists/oss-security/2015/04/06/3 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777013 https://bugzilla.redhat.com/show_bug.cgi?id=1209781 https://support.f5.com/csp/article/K64462543?utm_source=f5support&%3Butm_medium=RSS • CWE-399: Resource Management Errors •
CVE-2017-11499 – nodejs: Constant Hashtable Seeds vulnerability
https://notcve.org/view.php?id=CVE-2017-11499
Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup. Node.js versión v4.0 hasta v4.8.3, todas las versiones de v5.x, versión v6.0 hasta v6.11.0, versión v7.0 hasta v7.10.0, y versión v8.0 hasta v8.1.3, fue susceptible a ataques DoS remotos de inundación de hash ya que el seed HashTable fue constante en una versión dada de Node.js. Esto fue el resultado de la compilación con instantáneas V8 habilitadas por defecto, lo que causó que el seed aleatorizado inicialmente se sobrescribiera en el arranque. It was found that Node.js was using a non-randomized seed when populating hash tables. • http://www.securityfocus.com/bid/99959 https://access.redhat.com/errata/RHSA-2017:2908 https://access.redhat.com/errata/RHSA-2017:3002 https://nodejs.org/en/blog/vulnerability/july-2017-security-releases https://access.redhat.com/security/cve/CVE-2017-11499 https://bugzilla.redhat.com/show_bug.cgi?id=1475327 • CWE-20: Improper Input Validation •
CVE-2017-1000381 – c-ares: NAPTR parser out of bounds access
https://notcve.org/view.php?id=CVE-2017-1000381
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. La función "ares_parse_naptr_reply()" de c-ares, que es usada para analizar las respuestas NAPTR, podría ser activada para leer la memoria fuera del búfer de entrada dado si el pasado en el paquete de respuesta DNS fue creado de una manera particular. • http://www.securityfocus.com/bid/99148 https://c-ares.haxx.se/0616.patch https://c-ares.haxx.se/adv_20170620.html https://access.redhat.com/security/cve/CVE-2017-1000381 https://bugzilla.redhat.com/show_bug.cgi?id=1463132 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-3732 – BN_mod_exp may produce incorrect results on x86_64
https://notcve.org/view.php?id=CVE-2017-3732
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/95814 http://www.securitytracker.com/id/1037717 https://access.redhat.com/errata/RHSA-2018:2185 https://access.redhat.com/errata/RHSA-2018:2186 https://access.redhat.com/errata/RHSA-2018:2187 https://access.redhat.com/errata/RHSA-2018:2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •