The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Node.js Core

security alert CVE-2018-7164

Node.js Core: denial of service via Unused Memory

Synthesis of the vulnerability

An attacker can generate a fatal error via Unused Memory of Node.js Core, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 13/06/2018.
Identifiers: CVE-2018-7164, ibm10715995, VIGILANCE-VUL-26421.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error via Unused Memory of Node.js Core, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-7162

Node.js Core: use after free via TLS

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via TLS of Node.js Core, in order to trigger a denial of service, and possibly to run code.
Severity: 3/4.
Creation date: 13/06/2018.
Identifiers: CVE-2018-7162, FEDORA-2018-79841c871e, FEDORA-2018-f59d961d7b, ibm10715995, VIGILANCE-VUL-26420.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force the usage of a freed memory area via TLS of Node.js Core, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

weakness CVE-2018-7161

Node.js Core: denial of service via HTTP2 Cleanup

Synthesis of the vulnerability

An attacker can generate a fatal error via HTTP2 Cleanup of Node.js Core, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 13/06/2018.
Identifiers: CVE-2018-7161, FEDORA-2018-79841c871e, FEDORA-2018-f59d961d7b, ibm10715995, ibm10728705, openSUSE-SU-2018:1963-1, SUSE-SU-2018:1918-1, VIGILANCE-VUL-26419.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error via HTTP2 Cleanup of Node.js Core, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer weakness announce CVE-2018-7167

Node.js Core: denial of service via Buffer.fill

Synthesis of the vulnerability

An attacker can generate a fatal error via Buffer.fill() of Node.js Core, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 13/06/2018.
Identifiers: CVE-2018-7167, FEDORA-2018-79841c871e, FEDORA-2018-f59d961d7b, ibm10715995, openSUSE-SU-2018:1962-1, openSUSE-SU-2018:1963-1, SUSE-SU-2018:1892-1, SUSE-SU-2018:1918-1, VIGILANCE-VUL-26418.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error via Buffer.fill() of Node.js Core, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

weakness CVE-2018-0732

OpenSSL: denial of service via Large DH Parameter

Synthesis of the vulnerability

An attacker can generate a fatal error via Large DH Parameter of OpenSSL, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 12/06/2018.
Identifiers: bulletinjul2018, CERTFR-2018-AVI-511, CERTFR-2018-AVI-607, cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-0732, DLA-1449-1, DSA-4348-1, DSA-4355-1, FEDORA-2019-00c25b9379, ibm10719319, ibm10729805, ibm10738401, ibm10743283, ibm10874728, JSA10919, K21665601, openSUSE-SU-2018:1906-1, openSUSE-SU-2018:2117-1, openSUSE-SU-2018:2129-1, openSUSE-SU-2018:2667-1, openSUSE-SU-2018:2695-1, openSUSE-SU-2018:2816-1, openSUSE-SU-2018:2855-1, openSUSE-SU-2018:3013-1, openSUSE-SU-2018:3015-1, PAN-SA-2018-0015, RHSA-2018:3221-01, SSA:2018-226-01, SUSE-SU-2018:1887-1, SUSE-SU-2018:1968-1, SUSE-SU-2018:2036-1, SUSE-SU-2018:2041-1, SUSE-SU-2018:2207-1, SUSE-SU-2018:2647-1, SUSE-SU-2018:2683-1, SUSE-SU-2018:2812-1, SUSE-SU-2018:2956-1, SUSE-SU-2018:2965-1, SUSE-SU-2019:1553-1, SYMSA1462, TNS-2018-14, TNS-2018-17, TSB17568, USN-3692-1, USN-3692-2, VIGILANCE-VUL-26375.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error via Large DH Parameter of OpenSSL, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-1000168

Nghttp2: NULL pointer dereference via ALTSVC Frame

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via ALTSVC Frame of Nghttp2, in order to trigger a denial of service.
Severity: 3/4.
Creation date: 23/04/2018.
Identifiers: bulletinoct2018, CVE-2018-1000168, FEDORA-2018-cec96a9c41, ibm10715995, ibm10728705, openSUSE-SU-2018:1963-1, SUSE-SU-2018:1918-1, VIGILANCE-VUL-25942.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via ALTSVC Frame of Nghttp2, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

threat note CVE-2018-0737

OpenSSL: information disclosure via RSA Constant Time Key Generation

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via RSA Constant Time Key Generation of OpenSSL, in order to obtain sensitive information.
Severity: 1/4.
Creation date: 17/04/2018.
Identifiers: bulletinjul2018, CERTFR-2018-AVI-511, CERTFR-2018-AVI-607, cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-0737, DLA-1449-1, DSA-4348-1, DSA-4355-1, FEDORA-2019-00c25b9379, ibm10729805, ibm10743283, ibm10880781, JSA10919, openSUSE-SU-2018:2695-1, openSUSE-SU-2018:2957-1, openSUSE-SU-2018:3015-1, openSUSE-SU-2019:0152-1, openSUSE-SU-2019:1432-1, PAN-SA-2018-0015, RHSA-2018:3221-01, SSA:2018-226-01, SUSE-SU-2018:2486-1, SUSE-SU-2018:2492-1, SUSE-SU-2018:2683-1, SUSE-SU-2018:2928-1, SUSE-SU-2018:2965-1, SUSE-SU-2018:3864-1, SUSE-SU-2018:3864-2, SUSE-SU-2019:0197-1, SUSE-SU-2019:0512-1, SUSE-SU-2019:1553-1, TNS-2018-14, TNS-2018-17, TSB17568, USN-3628-1, USN-3628-2, USN-3692-1, USN-3692-2, VIGILANCE-VUL-25884.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via RSA Constant Time Key Generation of OpenSSL, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

threat bulletin CVE-2018-7160

Node Core: code execution via Inspector DNS Rebinding

Synthesis of the vulnerability

An attacker can use a vulnerability via Inspector DNS Rebinding of Node Core, in order to run code.
Severity: 3/4.
Creation date: 29/03/2018.
Identifiers: CVE-2018-7160, FEDORA-2018-e672eaf4df, FEDORA-2018-ecf73042e3, ibm10715995, openSUSE-SU-2018:1209-1, VIGILANCE-VUL-25723.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use a vulnerability via Inspector DNS Rebinding of Node Core, in order to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-7159

Node Core: vulnerability via HTTP Content-Length Spaces

Synthesis of the vulnerability

A vulnerability via HTTP Content-Length Spaces of Node Core was announced.
Severity: 2/4.
Creation date: 29/03/2018.
Identifiers: CVE-2018-7159, FEDORA-2018-e672eaf4df, FEDORA-2018-ecf73042e3, ibm10715995, K27228191, openSUSE-SU-2018:0967-1, openSUSE-SU-2018:1209-1, RHSA-2019:2258-01, VIGILANCE-VUL-25722.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

A vulnerability via HTTP Content-Length Spaces of Node Core was announced.
Full Vigil@nce bulletin... (Free trial)

cybersecurity threat CVE-2018-7158

Node Core: denial of service via Path Regular Expression

Synthesis of the vulnerability

An attacker can generate a fatal error via Path Regular Expression of Node Core, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 29/03/2018.
Identifiers: CVE-2018-7158, FEDORA-2018-e672eaf4df, FEDORA-2018-ecf73042e3, ibm10715995, openSUSE-SU-2018:0967-1, openSUSE-SU-2018:1209-1, VIGILANCE-VUL-25721.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error via Path Regular Expression of Node Core, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Node.js Core: