16 matches found
RHEL 8 : nodejs-request (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-request: Remote Memory Exposure when a multipart request is made (CVE-2017-16026) Note that Nessus has not...
CVE-2021-23386 Remote Memory Exposure
This affects the package dns-packet before 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over an unencrypted network when querying crafted invalid domain names...
Remote Memory Exposure
Overview: dns-packet is an abstract-encoding compliant module for encoding / decoding DNS packets. Affected versions of this package are vulnerable to Remote Memory Exposure. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose interna...
Remote Memory Exposure
Overview: A buffer over-read vulnerability exists in bl 4.0.3, 3.0.1, 2.2.1, and 1.2.3: if attacker-supplied input (even typed) ends up in the consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory v...
GHSA-PP7H-53GX-MX7R Remote Memory Exposure in bl
A buffer over-read vulnerability exists in bl 4.0.3, 3.0.1, 2.2.1, and 1.2.3: if attacker-supplied input (even typed) ends up in the consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via...
GHSA-53MJ-MC38-Q894 Remote Memory Exposure in openwhisk
Versions of openwhisk before 3.3.1 are vulnerable to remote memory exposure. When a number is passed to apikey, affected versions of openwhisk allocate an uninitialized buffer and send it over the network, base64-encoded, in the Authorization header. Proof of concept: var openwhisk = require('openwhisk...
Remote Memory Exposure in openwhisk
Versions of openwhisk before 3.3.1 are vulnerable to remote memory exposure. When a number is passed to apikey, affected versions of openwhisk allocate an uninitialized buffer and send it over the network, base64-encoded, in the Authorization header. Proof of concept: var openwhisk = require('openwhisk...
Remote Memory Exposure in mongoose
Versions of mongoose before 4.3.6, 3.8.39 are vulnerable to remote memory exposure. Trying to save a number to a field of type Buffer on the affected mongoose versions allocates a chunk of uninitialized memory and stores it in the database. Recommendation: Update to version 4.3.6, 3.8.39 or later...
GHSA-R5XW-Q988-826M Remote Memory Exposure in mongoose
Versions of mongoose before 4.3.6, 3.8.39 are vulnerable to remote memory exposure. Trying to save a number to a field of type Buffer on the affected mongoose versions allocates a chunk of uninitialized memory and stores it in the database. Recommendation: Update to version 4.3.6, 3.8.39 or later...
GHSA-3P92-886G-QXPQ Remote Memory Exposure in floody
Versions of floody before 0.1.1 are vulnerable to remote memory exposure. .write(number) in the affected floody versions passes a number to the Buffer constructor, appending a chunk of uninitialized memory. Proof of Concept: var f = require('floody')(process.stdout); f.write(USERSUPPLIEDINPUT); 'f.stop;...
GHSA-5F7M-MMPC-QHH4 mysql Node.JS Module Vulnerable to Remote Memory Exposure
Versions of mysql before 2.14.0 are vulnerable to remote memory exposure. Affected versions of the mysql package allocate and send uninitialized memory over the network when a number is provided as a password. Only mysql running on Node.js versions below 6.0.0 is affected due to a throw added in...
mysql Node.JS Module Vulnerable to Remote Memory Exposure
Versions of mysql before 2.14.0 are vulnerable to remote memory exposure. Affected versions of the mysql package allocate and send uninitialized memory over the network when a number is provided as a password. Only mysql running on Node.js versions below 6.0.0 is affected due to a throw added in...
GHSA-7XFP-9C55-5VQJ Remote Memory Exposure in request
Affected versions of request will disclose local system memory to remote systems in certain circumstances. When a multipart request is made, and the type of body is number, then a buffer of that size will be allocated and sent to the remote server as the body. Proof of Concept: var request =...
Remote Memory Exposure
Overview: Versions of mysql before 2.14.0 are vulnerable to remote memory exposure. Affected versions of the mysql package allocate and send uninitialized memory over the network when a number is provided as a password. Only mysql running on Node.js versions below 6.0.0 is affected due to a throw...
Remote Memory Exposure
Overview: Versions of floody before 0.1.1 are vulnerable to remote memory exposure. .write(number) in the affected floody versions passes a number to the Buffer constructor, appending a chunk of uninitialized memory. Proof of Concept: var f = require('floody')(process.stdout); f.write(USERSUPPLIEDINPUT);...
Remote Memory Exposure
Overview: Versions of mongoose before 4.3.6, 3.8.39 are vulnerable to remote memory exposure. Trying to save a number to a field of type Buffer on the affected mongoose versions allocates a chunk of uninitialized memory and stores it in the database. Recommendation: Update to version 4.3.6, 3.8.39 ...