Page 7 of 41 results (0.019 seconds)

CVSS: 7.5EPSS: 1%CPEs: 18EXPL: 0

CVE-2018-12121 – nodejs: Denial of Service with large HTTP headers

https://notcve.org/view.php?id=CVE-2018-12121

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer. Node.js: Todas las versiones anteriores a la 6.15.0, 8.14.0, 10.14.0 y 11.3.0: Denegación de servicio (DoS) con cabeceras HTTP grandes. Mediante la combinación de muchas peticiones con cabeceras de tamaño máximo (casi 80 KB por conexión) y al terminar a su debido tiempo las cabeceras, es posible provocar que el servidor HTTP aborte el fallo de asignación de memoria dinámica (heap). El potencial del ataque se ve mitigado por el uso de un balance de carga u otra capa del proxy. • http://www.securityfocus.com/bid/106043 https://access.redhat.com/errata/RHSA-2019:1821 https://access.redhat.com/errata/RHSA-2019:2258 https://access.redhat.com/errata/RHSA-2019:3497 https://nodejs.org/en/blog/vulnerability/november-2018-security-releases https://security.gentoo.org/glsa/202003-48 https://access.redhat.com/security/cve/CVE-2018-12121 https://bugzilla.redhat.com/show_bug.cgi?id=1661002 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 4.8EPSS: 0%CPEs: 41EXPL: 2

CVE-2018-5407 – Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel

https://notcve.org/view.php?id=CVE-2018-5407

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. SMT (Simultaneous Multi-threading) en los procesadores puede habilitar que usuarios locales exploten software vulnerable a ataques de sincronización mediante un ataques de sincronización de canal lateral en la "contención de puertos". A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information. • https://www.exploit-db.com/exploits/45785 http://www.securityfocus.com/bid/105897 https://access.redhat.com/errata/RHSA-2019:0483 https://access.redhat.com/errata/RHSA-2019:0651 https://access.redhat.com/errata/RHSA-2019:0652 https://access.redhat.com/errata/RHSA-2019:2125 https://access.redhat.com/errata/RHSA-2019:3929 https://access.redhat.com/errata/RHSA-2019:3931 https://access.redhat.com/errata/RHSA-2019:3932 https://access.redhat.com/errata/RHSA-2019:3933 https& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •

CVSS: 5.9EPSS: 0%CPEs: 44EXPL: 0

CVE-2018-0734 – Timing attack against DSA

https://notcve.org/view.php?id=CVE-2018-0734

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html http://www.securityfocus.com/bid/105758 https://access.redhat.com/errata/RHSA-2019:2304 https://access.redhat.com/errata/RHSA-2019:3700 https://access.redhat.com/errata/RHSA-2019:3932 https://access.redhat.com/errata/RHSA-2019:3933 https://access.redhat.com/errata/RHSA-2019:3935 https://git.openssl.org/gitweb/?p=openssl.git%3Ba • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-385: Covert Timing Channel •

CVSS: 5.9EPSS: 0%CPEs: 47EXPL: 0

CVE-2018-0735 – Timing attack against ECDSA signature generation

https://notcve.org/view.php?id=CVE-2018-0735

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Se ha demostrado que el algoritmo de firmas ECDSA en OpenSSL es vulnerable a un ataque de sincronización de canal lateral. • http://www.securityfocus.com/bid/105750 http://www.securitytracker.com/id/1041986 https://access.redhat.com/errata/RHSA-2019:3700 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56fb454d281a023b3f950d969693553d3f3ceea1 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4 https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html https://nodejs.org/en/blog/vulnerability/november-2018-security-releases https://security.netapp.com/advisor • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-385: Covert Timing Channel •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-7166 – nodejs: Unintentional exposure of uninitialized memory

https://notcve.org/view.php?id=CVE-2018-7166

In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer's` internal "fill" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information. En todas las versiones de Node.js 10 anteriores a la 10.9.0, un fallo en el procesamiento de argumentos puede provocar que "Buffer.alloc()" devuelva memoria no inicializada. • https://access.redhat.com/errata/RHSA-2018:2553 https://nodejs.org/en/blog/vulnerability/august-2018-security-releases https://access.redhat.com/security/cve/CVE-2018-7166 https://bugzilla.redhat.com/show_bug.cgi?id=1620215 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-226: Sensitive Information in Resource Not Removed Before Reuse CWE-908: Use of Uninitialized Resource •