The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Node Core

security vulnerability 29174

OpenSSL: information disclosure via Side-channel Based Padding

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Side-channel Based Padding of OpenSSL, in order to obtain sensitive information.
Severity: 1/4.
Creation date: 02/05/2019.
Identifiers: 1117951, 7739, openSUSE-SU-2019:1373-1, SUSE-SU-2019:1124-1, SUSE-SU-2019:1136-1, SUSE-SU-2019:1141-1, VIGILANCE-VUL-29174.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via Side-channel Based Padding of OpenSSL, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

security threat CVE-2019-5739

Node Core: denial of service via Keep-alive HTTP

Synthesis of the vulnerability

An attacker can trigger a fatal error via Keep-alive HTTP of Node Core, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 01/03/2019.
Identifiers: CERTFR-2019-AVI-325, CVE-2019-5739, ibm10787619, JSA10951, openSUSE-SU-2019:1076-1, openSUSE-SU-2019:1173-1, SUSE-SU-2019:0658-1, SUSE-SU-2019:0818-1, VIGILANCE-VUL-28633.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can trigger a fatal error via Keep-alive HTTP of Node Core, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

threat CVE-2019-5737

Node Core: denial of service via Slowloris HTTP Keep-alive

Synthesis of the vulnerability

An attacker can trigger a fatal error via Slowloris HTTP Keep-alive of Node Core, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 01/03/2019.
Identifiers: CVE-2019-5737, ibm10787619, ibm10882602, openSUSE-SU-2019:1076-1, openSUSE-SU-2019:1173-1, openSUSE-SU-2019:1211-1, RHSA-2019:1821-01, SUSE-SU-2019:0627-1, SUSE-SU-2019:0635-1, SUSE-SU-2019:0636-1, SUSE-SU-2019:0658-1, SUSE-SU-2019:0818-1, VIGILANCE-VUL-28632.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can trigger a fatal error via Slowloris HTTP Keep-alive of Node Core, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

weakness announce CVE-2019-1559

OpenSSL 1.0.2: information disclosure via 0-byte Record Padding Oracle

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via 0-byte Record Padding Oracle of OpenSSL 1.0.2, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 26/02/2019.
Identifiers: bulletinapr2019, bulletinjul2019, CERTFR-2019-AVI-080, CERTFR-2019-AVI-132, CERTFR-2019-AVI-214, CERTFR-2019-AVI-325, cpuapr2019, cpujul2019, cpuoct2019, CVE-2019-1559, DLA-1701-1, DSA-4400-1, FEDORA-2019-00c25b9379, ibm10876638, ibm10886237, ibm10886659, JSA10949, openSUSE-SU-2019:1076-1, openSUSE-SU-2019:1105-1, openSUSE-SU-2019:1173-1, openSUSE-SU-2019:1175-1, openSUSE-SU-2019:1432-1, openSUSE-SU-2019:1637-1, RHBUG-1683804, RHBUG-1683807, RHSA-2019:2304-01, RHSA-2019:2471-01, SB10282, SSA:2019-057-01, SSB-439005, STORM-2019-001, SUSE-SU-2019:0572-1, SUSE-SU-2019:0600-1, SUSE-SU-2019:0658-1, SUSE-SU-2019:0803-1, SUSE-SU-2019:0818-1, SUSE-SU-2019:1362-1, SUSE-SU-2019:14091-1, SUSE-SU-2019:14092-1, SUSE-SU-2019:1553-1, SUSE-SU-2019:1608-1, SYMSA1490, TNS-2019-02, USN-3899-1, VIGILANCE-VUL-28600.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via 0-byte Record Padding Oracle of OpenSSL 1.0.2, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2018-12116 CVE-2018-12120 CVE-2018-12121

Node Core: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Node Core.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 5.
Creation date: 28/11/2018.
Identifiers: CVE-2018-12116, CVE-2018-12120, CVE-2018-12121, CVE-2018-12122, CVE-2018-12123, ibm10787619, ibm10794537, ibm10878136, K37111863, openSUSE-SU-2019:0088-1, openSUSE-SU-2019:0089-1, openSUSE-SU-2019:0234-1, RHSA-2019:1821-01, RHSA-2019:2258-01, RHSA-2019:3497-01, SUSE-SU-2019:0117-1, SUSE-SU-2019:0118-1, SUSE-SU-2019:0395-1, VIGILANCE-VUL-27900.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of Node Core.
Full Vigil@nce bulletin... (Free trial)

computer threat announce CVE-2018-0734

OpenSSL: information disclosure via DSA Signature Generation

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via DSA Signature Generation of OpenSSL, in order to obtain sensitive information.
Severity: 1/4.
Creation date: 30/10/2018.
Identifiers: bulletinapr2019, bulletinjan2019, CERTFR-2018-AVI-607, cpuapr2019, cpujan2019, cpujul2019, CVE-2018-0734, DSA-4348-1, DSA-4355-1, FEDORA-2019-00c25b9379, ibm10794537, ibm10875298, openSUSE-SU-2018:3890-1, openSUSE-SU-2018:3903-1, openSUSE-SU-2018:4050-1, openSUSE-SU-2018:4104-1, openSUSE-SU-2019:0084-1, openSUSE-SU-2019:0088-1, openSUSE-SU-2019:0138-1, openSUSE-SU-2019:0234-1, openSUSE-SU-2019:1547-1, openSUSE-SU-2019:1814-1, RHSA-2019:2304-01, RHSA-2019:3700-01, SSA:2018-325-01, SUSE-SU-2018:3863-1, SUSE-SU-2018:3864-1, SUSE-SU-2018:3864-2, SUSE-SU-2018:3866-1, SUSE-SU-2018:3964-1, SUSE-SU-2018:3989-1, SUSE-SU-2018:4001-1, SUSE-SU-2018:4068-1, SUSE-SU-2018:4274-1, SUSE-SU-2019:0117-1, SUSE-SU-2019:0395-1, SUSE-SU-2019:1553-1, TNS-2018-16, TNS-2018-17, USN-3840-1, VIGILANCE-VUL-27640.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via DSA Signature Generation of OpenSSL, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

cybersecurity weakness CVE-2018-0735

OpenSSL: information disclosure via ECDSA Signature Generation

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via ECDSA Signature Generation of OpenSSL, in order to obtain sensitive information.
Severity: 1/4.
Creation date: 29/10/2018.
Identifiers: bulletinjan2019, cpuapr2019, cpujul2019, CVE-2018-0735, DLA-1586-1, DSA-4348-1, ibm10794537, openSUSE-SU-2018:3890-1, RHSA-2019:3700-01, SUSE-SU-2018:3863-1, SYMSA1490, USN-3840-1, VIGILANCE-VUL-27631.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via ECDSA Signature Generation of OpenSSL, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

weakness bulletin CVE-2018-7166

Node Core: information disclosure via Buffer.alloc

Synthesis of the vulnerability

A local attacker can read a memory fragment via Buffer.alloc() of Node Core, in order to obtain sensitive information.
Severity: 1/4.
Creation date: 16/08/2018.
Identifiers: CVE-2018-7166, ibm10730325, VIGILANCE-VUL-27030.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

A local attacker can read a memory fragment via Buffer.alloc() of Node Core, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

security alert CVE-2018-7164

Node.js Core: denial of service via Unused Memory

Synthesis of the vulnerability

An attacker can generate a fatal error via Unused Memory of Node.js Core, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 13/06/2018.
Identifiers: CVE-2018-7164, ibm10715995, VIGILANCE-VUL-26421.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error via Unused Memory of Node.js Core, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-7162

Node.js Core: use after free via TLS

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via TLS of Node.js Core, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Creation date: 13/06/2018.
Identifiers: CVE-2018-7162, FEDORA-2018-79841c871e, FEDORA-2018-f59d961d7b, ibm10715995, VIGILANCE-VUL-26420.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force the usage of a freed memory area via TLS of Node.js Core, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Node Core: