CVSS: 5.1EPSS: 0%CPEs: 40EXPL: 0CVE-2016-0702 – OpenSSL: Side channel attack on modular exponentiation
https://notcve.org/view.php?id=CVE-2016-0702
The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. La función MOD_EXP_CTIME_COPY_FROM_PREBUF en crypto/bn/bn_exp.c en OpenSSL 1.0.1 en versiones anteriores a 1.0.1s y 1.0.2 en versiones anteriores a 1.0.2g no considera correctamente las veces que se accede al cache-bank durante la exponenciación modular, lo que facilita a usuarios locales descubrir las claves RSA ejecutando una aplicación manipulada en el mismo núcleo de la CPU Intel Sandy Bridge como víctima y aprovechándose de los conflictos del cache-bank, también conocida como un ataque "CacheBleed". A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing decryption, could use this flaw to recover RSA private keys. • http://cachebleed.info http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178358.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178817.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html http://lists.opensuse.org/opensuse- • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 85EXPL: 0CVE-2016-2216 – Node.js HTTP Response Splitting
https://notcve.org/view.php?id=CVE-2016-2216
The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a. El código de interpretacción de cabecera HTTP en Node.js 0.10.x en versiones anteriores a 0.10.42, 0.11.6 hasta la versión 0.11.16, 0.12.x en versiones anteriores a 0.12.10, 4.x en versiones anteriores a 4.3.0 y 5.x en versiones anteriores a 5.6.0 permite a atacantes remotos eludir un mecanismo de protección de separación de respuesta HTTP a través de caracteres Unicode codificados en UTF-8 en la cabecera HTTP, según lo demonstrado mediante %c4%8d%c4%8a. Node.js suffers from an HTTP response splitting vulnerability. Node.js versions 5.6.0, 4.3.0, 0.12.10, and 0.10.42 contain a fix for this vulnerability. • http://blog.safebreach.com/2016/02/09/http-response-splitting-in-node-js-root-cause-analysis http://info.safebreach.com/hubfs/Node-js-Response-Splitting.pdf http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177184.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177673.html http://packetstormsecurity.com/files/135711/Node.js-HTTP-Response-Splitting.html http://www.securityfocus.com/bid/83141 https://nodejs.org/en/blog/vulnerability/february-2016-security-re • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 3%CPEs: 14EXPL: 0CVE-2015-8027
https://notcve.org/view.php?id=CVE-2015-8027
Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request. Node.js 0.12.x en versiones anteriores a 0.12.9, 4.x en versiones anteriores a 4.2.3 y 5.x en versiones anteriores a 5.1.1 no asegura la disponibilidad de un analizador para cada socket HTTP, lo que permite a atacantes remotos provocar una denegación de servicio (uncaughtException e interrupción de servicio) a través de una petición HTTP con pipelining. • http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html http://www-01.ibm.com/support/docview.wss?uid=swg1IV79524 http://www-01.ibm.com/support/docview.wss?uid=swg21972419 http://www.securityfocus.com/bid/78207 https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764 https://nodejs.org/en/blog/vulnerability/december-2015-security-releases https://security.gentoo.org/glsa/201612-43 • CWE-17: DEPRECATED: Code •
CVSS: 9.8EPSS: 2%CPEs: 6EXPL: 0CVE-2015-6764 – v8: unspecified out-of-bounds access vulnerability
https://notcve.org/view.php?id=CVE-2015-6764
The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code. La función BasicJsonStringifier::SerializeJSArray en json-stringifier.h en el stringifier JSON en Google V8, como se utiliza en Google Chrome en versiones anteriores a 47.0.2526.73, carga indebidamente elementos de un array, lo que permite a atacantes remotos causar una denegación de servicio (acceso a memoria fuera de rango) o posiblemente tener otro impacto no especificado a través de código JavaScript manipulado. • http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html http://lists.opensuse.org/opensuse-updates/2016-01/msg00045.html http://www.debian.org/security/2015/dsa-3415 http://www.securityfocus.com/bid/78209 http://www.securitytracker.com/id/1034298 https://chromium.googlesource.com/v8/v8/+/6df9a1db8c85ab63dee63879456b6027df53fabc https:&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2015-3193
https://notcve.org/view.php?id=CVE-2015-3193
The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite. La implementación de exponenciación al cuadrado de Montgomery en crypto/bn/asm/x86_64-mont5.pl en OpenSSL 1.0.2 en versiones anteriores a 1.0.2e en la plataforma x86_64, como se utiliza por la función BN_mod_exp, no maneja correctamente la propagación de acarreo y produce una salida incorrecta, lo que hace más fácil para atacantes remotos obtener información sensible de las claves privadas a través de un ataque contra el uso de una suite de cifrado (1) Diffie-Hellman (DH) o (2) Diffie-Hellman Ephemeral (DHE). • http://fortiguard.com/advisory/openssl-advisory-december-2015 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://openssl.org/news/secadv/20151203.txt http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl http://www.fortiguard.com/advisory/openssl-advisory-december-2015 http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.oracle.com/technetwork/security • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •