Total
143 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-0734 | 6 Canonical, Debian, Netapp and 3 more | 20 Ubuntu Linux, Debian Linux, Cloud Backup and 17 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). | |||||
CVE-2018-0732 | 4 Canonical, Debian, Nodejs and 1 more | 4 Ubuntu Linux, Debian Linux, Node.js and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o). | |||||
CVE-2017-3738 | 3 Debian, Nodejs, Openssl | 3 Debian Linux, Node.js, Openssl | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository. | |||||
CVE-2017-3731 | 2 Nodejs, Openssl | 2 Node.js, Openssl | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k. | |||||
CVE-2017-16024 | 2 Nodejs, Sync-exec Project | 2 Node.js, Sync-exec | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential information from the buffer/tmp file, while it exists. | |||||
CVE-2017-15897 | 1 Nodejs | 1 Node.js | 2024-11-21 | 4.3 MEDIUM | 3.1 LOW |
Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This is not correctly encoded", "hex");' The buffer implementation was updated such that the buffer will be initialized to all zeros in these cases. | |||||
CVE-2017-15896 | 1 Nodejs | 1 Node.js | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption. | |||||
CVE-2017-14919 | 1 Nodejs | 1 Node.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter. | |||||
CVE-2017-14849 | 1 Nodejs | 1 Node.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules. | |||||
CVE-2017-11499 | 1 Nodejs | 1 Node.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup. | |||||
CVE-2017-1000381 | 2 C-ares Project, Nodejs | 2 C-ares, Node.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. | |||||
CVE-2016-9843 | 10 Apple, Canonical, Debian and 7 more | 24 Iphone Os, Mac Os X, Tvos and 21 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. | |||||
CVE-2016-9842 | 8 Apple, Canonical, Debian and 5 more | 19 Iphone Os, Mac Os X, Tvos and 16 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. | |||||
CVE-2016-9841 | 9 Apple, Canonical, Debian and 6 more | 39 Iphone Os, Mac Os X, Tvos and 36 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. | |||||
CVE-2016-9840 | 8 Apple, Canonical, Debian and 5 more | 19 Iphone Os, Mac Os X, Tvos and 16 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. | |||||
CVE-2016-7099 | 2 Nodejs, Suse | 2 Node.js, Linux Enterprise | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. | |||||
CVE-2016-7055 | 2 Nodejs, Openssl | 2 Node.js, Openssl | 2024-11-21 | 2.6 LOW | 5.9 MEDIUM |
There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is because the subroutine in question is not used in operations with the private key itself and an input of the attacker's direct choice. Otherwise the bug can manifest itself as transient authentication and key negotiation failures or reproducible erroneous outcome of public-key operations with specially crafted input. Among EC algorithms only Brainpool P-512 curves are affected and one presumably can attack ECDH key negotiation. Impact was not analyzed in detail, because pre-requisites for attack are considered unlikely. Namely multiple clients have to choose the curve in question and the server has to share the private key among them, neither of which is default behaviour. Even then only clients that chose the curve will be affected. | |||||
CVE-2016-7052 | 3 Nodejs, Novell, Openssl | 3 Node.js, Suse Linux Enterprise Module For Web Scripting, Openssl | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. | |||||
CVE-2016-6306 | 6 Canonical, Debian, Hp and 3 more | 9 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 6 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. | |||||
CVE-2016-6304 | 3 Nodejs, Novell, Openssl | 3 Node.js, Suse Linux Enterprise Module For Web Scripting, Openssl | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. |