Lucene search
K

22 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2017-11499

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote D...

7.5CVSS7.9AI score0.05478EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/04/15 12:0 a.m.7 views

RHEL 6 / 7 : rh-nodejs6-nodejs (RHSA-2017:2908)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2908 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. T...

7.5CVSS7.6AI score0.05478EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2024/04/27 12:0 a.m.17 views

RHEL 6 / 7 : rh-nodejs4-nodejs (RHSA-2017:3002)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:3002 advisory. Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven,...

7.5CVSS7.9AI score0.05478EPSS
Exploits1References6
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.17 views

SUSE: Security Advisory (SUSE-SU-2017:2168-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.9AI score0.05478EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/23 8:41 p.m.20 views

Security Bulletin: IBM Integration Bus is affected by Node.js security vulnerability ( CVE-2017-1000381 and CVE-2017-11499 )

Summary IBM Integration Bus has addressed the following vulnerabilities Vulnerability Details CVEID: CVE-2017-1000381 DESCRIPTION: c-ares could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the aresparsenaptrreply function when parsing NAPTR responses...

7.5CVSS1.5AI score0.05478EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2020/03/23 2:8 a.m.28 views

CVE-2017-11499

It was found that Node.js was using a non-randomized seed when populating hash tables. An attacker, able to supply a large number of inputs, could send specially crafted entries to the Node.js application, maximizing hash collisions to trigger an excessive amount of CPU usage, resulting in a deni...

5CVSS1.9AI score0.05478EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2019/01/02 12:0 a.m.23 views

SUSE SLES12 Security Update : nodejs4, nodejs6 (SUSE-SU-2017:2168-1)

This update for nodejs4 and nodejs6 fixes the following issues: Security issues fixed : - CVE-2017-1000381: The c-ares function aresparsenaptrreply could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. bsc1044946 ...

7.5CVSS7.7AI score0.05478EPSS
Exploits1References11
IBM Security Bulletins
IBM Security Bulletins
added 2018/08/09 4:20 a.m.38 views

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK for Node.js™ in IBM Bluemix

Summary Vulnerabilities in Node.js and the c-ares library were disclosed on July 11 2017 by the Node.js Foundation. IBM SDK for Node.js has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-1000381 DESCRIPTION: c-ares could allow a remote attacker to obtain sensitive informatio...

7.5CVSS0.5AI score0.05478EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/08/09 4:20 a.m.50 views

Security Bulletin: Multiple vulnerabilities might affect IBM® SDK for Node.js™

Summary Vulnerabilities in Node.js and the c-ares library were disclosed on July 11 2017 by the Node.js Foundation. IBM SDK for Node.js has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-11499 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by a flaw relate...

7.5CVSS0.8AI score0.05478EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/08/03 4:23 a.m.32 views

Security Bulletin: Multiple vulnerabilities in Node.js affects IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux

Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. Multiple Node.js vulnerabilities have been discovered that...

7.5CVSS0.6AI score0.05478EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:8 a.m.28 views

Security Bulletin: Multiple vulnerabilities in Node.js affect IBM API Connect (CVE-2017-1000381, CVE-2017-11499)

Summary IBM API Connect has addressed Node.js vulnerabilities involving access to sensitive information and potential denial of service. Vulnerability Details CVEID: CVE-2017-1000381 DESCRIPTION: c-ares could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read...

7.5CVSS1.8AI score0.05478EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:8 a.m.28 views

Security Bulletin: Vulnerability in Node.js affects IBM DataPower Gateways (CVE-2017-11499)

Summary Potential Denial of Service in Node.js. IBM DataPower Gateways has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2017-11499 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by a flaw related to constant HashTable seeds. A remote attacker could exploit thi...

7.5CVSS2.1AI score0.05478EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:7 a.m.34 views

Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor

Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Process Manager includes a stand-alone tool for editing configuration properties files that is based IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2017-1000381 DESCRIPTION: c-ares could allow a remot...

7.5CVSS0.8AI score0.05478EPSS
Exploits1Affected Software3
OpenVAS
OpenVAS
added 2018/03/02 12:0 a.m.40 views

Elastic Kibana 'CVE-2017-11499' DoS Vulnerability - Linux

Elastic Kibana is shipping a version of Node.js which is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

7.5CVSS8.5AI score0.05478EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2017/08/18 12:0 a.m.24 views

openSUSE Security Update : nodejs4 / nodejs6 (openSUSE-2017-948)

This update for nodejs4 and nodejs6 fixes the following issues : Security issues fixed : - CVE-2017-1000381: The c-ares function aresparsenaptrreply could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. bsc1044946...

7.5CVSS7.7AI score0.05478EPSS
Exploits1References17
OSV
OSV
added 2017/08/15 12:27 p.m.6 views

SUSE-SU-2017:2168-1 Security update for nodejs4, nodejs6

This update for nodejs4 and nodejs6 fixes the following issues: Security issues fixed: - CVE-2017-1000381: The c-ares function aresparsenaptrreply could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. bsc1044946 -...

7.5CVSS6.8AI score0.05478EPSS
Exploits1References7
Elastic
Elastic
added 2017/07/25 4:20 p.m.3 views

Elastic Stack 5.5.1 and Kibana 4.6.5 security update

Kibana Node.js security flaw ESA-2017-14 The version of Node.js shipped in all versions of Kibana prior to 5.5.1 contains a Denial of Service flaw in it's HashTable random seed. This flaw could allow a remote attacker to consume resources within Node.js preventing Kibana from servicing requests...

7.5CVSS7.8AI score0.05478EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2017/07/25 1:29 p.m.34 views

CVE-2017-11499

Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots...

7.5CVSS7.2AI score0.05478EPSS
Exploits1References4
Cvelist
Cvelist
added 2017/07/25 1:0 p.m.28 views

CVE-2017-11499

Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots...

7.5AI score0.05478EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2017/07/25 1:0 p.m.36 views

CVE-2017-11499

Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots...

7.5CVSS7.7AI score0.05478EPSS
Exploits1
Rows per page
Query Builder