The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Node Core

vulnerability note 29174

OpenSSL: information disclosure via Side-channel Based Padding

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Side-channel Based Padding of OpenSSL, in order to obtain sensitive information.
Impacted products: Nodejs Core, OpenSSL, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 02/05/2019.
Identifiers: 1117951, 7739, openSUSE-SU-2019:1373-1, SUSE-SU-2019:1124-1, SUSE-SU-2019:1136-1, SUSE-SU-2019:1141-1, VIGILANCE-VUL-29174.

vulnerability bulletin CVE-2019-5739

Node Core: denial of service via Keep-alive HTTP

Synthesis of the vulnerability

An attacker can trigger a fatal error via Keep-alive HTTP of Node Core, in order to trigger a denial of service.
Impacted products: IBM i, Junos Space, Nodejs Core, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 01/03/2019.
Identifiers: CERTFR-2019-AVI-325, CVE-2019-5739, ibm10787619, JSA10951, openSUSE-SU-2019:1076-1, openSUSE-SU-2019:1173-1, SUSE-SU-2019:0658-1, SUSE-SU-2019:0818-1, VIGILANCE-VUL-28633.

vulnerability announce CVE-2019-5737

Node Core: denial of service via Slowloris HTTP Keep-alive

Synthesis of the vulnerability

An attacker can trigger a fatal error via Slowloris HTTP Keep-alive of Node Core, in order to trigger a denial of service.
Impacted products: IBM API Connect, IBM i, Nodejs Core, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 01/03/2019.
Identifiers: CVE-2019-5737, ibm10787619, ibm10882602, openSUSE-SU-2019:1076-1, openSUSE-SU-2019:1173-1, openSUSE-SU-2019:1211-1, RHSA-2019:1821-01, SUSE-SU-2019:0627-1, SUSE-SU-2019:0635-1, SUSE-SU-2019:0636-1, SUSE-SU-2019:0658-1, SUSE-SU-2019:0818-1, VIGILANCE-VUL-28632.

vulnerability CVE-2019-1559

OpenSSL 1.0.2: information disclosure via 0-byte Record Padding Oracle

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via 0-byte Record Padding Oracle of OpenSSL 1.0.2, in order to obtain sensitive information.
Impacted products: SDS, SES, SNS, Blue Coat CAS, Debian, AIX, IBM i, Rational ClearCase, Tivoli Storage Manager, Juniper EX-Series, Juniper J-Series, Junos OS, SRX-Series, MariaDB ~ precise, McAfee Web Gateway, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Fusion Middleware, Oracle Identity Management, Solaris, WebLogic, Percona Server, RHEL, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 26/02/2019.
Identifiers: bulletinapr2019, bulletinjul2019, CERTFR-2019-AVI-080, CERTFR-2019-AVI-132, CERTFR-2019-AVI-214, CERTFR-2019-AVI-325, cpuapr2019, cpujul2019, CVE-2019-1559, DLA-1701-1, DSA-4400-1, ibm10876638, ibm10886237, ibm10886659, JSA10949, openSUSE-SU-2019:1076-1, openSUSE-SU-2019:1105-1, openSUSE-SU-2019:1173-1, openSUSE-SU-2019:1175-1, openSUSE-SU-2019:1432-1, openSUSE-SU-2019:1637-1, RHBUG-1683804, RHBUG-1683807, RHSA-2019:2304-01, RHSA-2019:2471-01, SB10282, SSA:2019-057-01, SSB-439005, STORM-2019-001, SUSE-SU-2019:0572-1, SUSE-SU-2019:0600-1, SUSE-SU-2019:0658-1, SUSE-SU-2019:0803-1, SUSE-SU-2019:0818-1, SUSE-SU-2019:1362-1, SUSE-SU-2019:14091-1, SUSE-SU-2019:14092-1, SUSE-SU-2019:1553-1, SUSE-SU-2019:1608-1, SYMSA1490, TNS-2019-02, USN-3899-1, VIGILANCE-VUL-28600.

vulnerability CVE-2018-12116 CVE-2018-12120 CVE-2018-12121

Node Core: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Node Core.
Impacted products: BIG-IP Hardware, TMOS, IBM API Connect, IBM i, I-Connect, IRAD, Nodejs Core, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: data reading, data creation/edition, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 28/11/2018.
Identifiers: CVE-2018-12116, CVE-2018-12120, CVE-2018-12121, CVE-2018-12122, CVE-2018-12123, ibm10787619, ibm10794537, ibm10878136, K37111863, openSUSE-SU-2019:0088-1, openSUSE-SU-2019:0089-1, openSUSE-SU-2019:0234-1, RHSA-2019:1821-01, RHSA-2019:2258-01, SUSE-SU-2019:0117-1, SUSE-SU-2019:0118-1, SUSE-SU-2019:0395-1, VIGILANCE-VUL-27900.

vulnerability CVE-2018-0734

OpenSSL: information disclosure via DSA Signature Generation

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via DSA Signature Generation of OpenSSL, in order to obtain sensitive information.
Impacted products: Debian, AIX, IRAD, Rational ClearCase, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Fusion Middleware, Oracle Identity Management, Solaris, Tuxedo, WebLogic, Percona Server, XtraBackup, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Nessus, Ubuntu, WinSCP.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 30/10/2018.
Identifiers: bulletinapr2019, bulletinjan2019, CERTFR-2018-AVI-607, cpuapr2019, cpujan2019, cpujul2019, CVE-2018-0734, DSA-4348-1, DSA-4355-1, ibm10794537, ibm10875298, openSUSE-SU-2018:3890-1, openSUSE-SU-2018:3903-1, openSUSE-SU-2018:4050-1, openSUSE-SU-2018:4104-1, openSUSE-SU-2019:0084-1, openSUSE-SU-2019:0088-1, openSUSE-SU-2019:0138-1, openSUSE-SU-2019:0234-1, openSUSE-SU-2019:1547-1, openSUSE-SU-2019:1814-1, RHSA-2019:2304-01, SSA:2018-325-01, SUSE-SU-2018:3863-1, SUSE-SU-2018:3864-1, SUSE-SU-2018:3864-2, SUSE-SU-2018:3866-1, SUSE-SU-2018:3964-1, SUSE-SU-2018:3989-1, SUSE-SU-2018:4001-1, SUSE-SU-2018:4068-1, SUSE-SU-2018:4274-1, SUSE-SU-2019:0117-1, SUSE-SU-2019:0395-1, SUSE-SU-2019:1553-1, TNS-2018-16, TNS-2018-17, USN-3840-1, VIGILANCE-VUL-27640.

vulnerability alert CVE-2018-0735

OpenSSL: information disclosure via ECDSA Signature Generation

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via ECDSA Signature Generation of OpenSSL, in order to obtain sensitive information.
Impacted products: Blue Coat CAS, Debian, IRAD, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Fusion Middleware, Oracle Identity Management, Solaris, Tuxedo, WebLogic, SLES, Symantec Content Analysis, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 29/10/2018.
Identifiers: bulletinjan2019, cpuapr2019, cpujul2019, CVE-2018-0735, DLA-1586-1, DSA-4348-1, ibm10794537, openSUSE-SU-2018:3890-1, SUSE-SU-2018:3863-1, SYMSA1490, USN-3840-1, VIGILANCE-VUL-27631.

vulnerability CVE-2018-7166

Node Core: information disclosure via Buffer.alloc

Synthesis of the vulnerability

A local attacker can read a memory fragment via Buffer.alloc() of Node Core, in order to obtain sensitive information.
Impacted products: IBM i, Nodejs Core.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 16/08/2018.
Identifiers: CVE-2018-7166, ibm10730325, VIGILANCE-VUL-27030.

vulnerability alert CVE-2018-7164

Node.js Core: denial of service via Unused Memory

Synthesis of the vulnerability

An attacker can generate a fatal error via Unused Memory of Node.js Core, in order to trigger a denial of service.
Impacted products: IBM i, Nodejs Core.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 13/06/2018.
Identifiers: CVE-2018-7164, ibm10715995, VIGILANCE-VUL-26421.

vulnerability CVE-2018-7162

Node.js Core: use after free via TLS

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via TLS of Node.js Core, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, IBM i, Nodejs Core.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 13/06/2018.
Identifiers: CVE-2018-7162, FEDORA-2018-79841c871e, FEDORA-2018-f59d961d7b, ibm10715995, VIGILANCE-VUL-26420.
