Computer vulnerabilities of Nodejs Core

OpenSSL: out-of-bounds memory reading via X.509 IPAddressFamily
An attacker can force a read at an invalid address via X.509 IPAddressFamily of OpenSSL, in order to trigger a denial of service, or to obtain sensitive information...
2011879, 2013026, 2014367, bulletinapr2018, CERTFR-2017-AVI-391, cpuapr2018, cpuapr2019, cpujan2018, cpujan2019, cpujul2018, cpujul2019, cpuoct2018, CVE-2017-3735, DSA-4017-1, DSA-4018-1, FEDORA-2017-4cf72e2c11, FEDORA-2017-512a6c5aae, FEDORA-2017-55a3247cfd, FEDORA-2017-7f30914972, FEDORA-2017-dbec196dd8, FreeBSD-SA-17:11.openssl, HT208331, HT208394, ibm10715641, ibm10738249, JSA10851, JSA10990, openSUSE-SU-2017:3192-1, openSUSE-SU-2018:0029-1, openSUSE-SU-2018:0315-1, RHSA-2018:3221-01, SA157, SB10211, SUSE-SU-2017:2968-1, SUSE-SU-2017:2981-1, SUSE-SU-2018:0112-1, SUSE-SU-2019:14246-1, TNS-2017-15, USN-3475-1, VIGILANCE-VUL-24317

OpenSSL: Man-in-the-Middle via bn_sqrx8x_internal
An attacker can act as a Man-in-the-Middle and use a carry error of bn_sqrx8x_internal() on OpenSSL, in order to read or write data in the session...
2012827, 2013025, 2014202, 2014651, 2014669, 2015080, bulletinapr2018, bulletinjan2018, CERTFR-2017-AVI-391, cpuapr2018, cpuapr2019, cpujan2018, cpujan2019, cpujul2018, cpujul2019, cpuoct2018, CVE-2017-3736, DSA-4017-1, DSA-4018-1, FEDORA-2017-4cf72e2c11, FEDORA-2017-512a6c5aae, FEDORA-2017-55a3247cfd, FEDORA-2017-7f30914972, FEDORA-2017-dbec196dd8, FreeBSD-SA-17:11.openssl, ibm10715641, ibm10719113, ibm10732391, ibm10733905, ibm10738249, ibm10738401, JSA10851, K14363514, openSUSE-SU-2017:3192-1, openSUSE-SU-2018:0029-1, openSUSE-SU-2018:0315-1, RHSA-2018:0998-01, RHSA-2018:2568-01, RHSA-2018:2575-01, SA157, SB10211, SB10220, SSA:2017-306-02, STORM-2017-006, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, SUSE-SU-2019:14246-1, TNS-2017-15, USN-3475-1, VIGILANCE-VUL-24316

Node Core: denial of service via zlib windowBits
An attacker can generate a fatal error via zlib windowBits of Node Core, in order to trigger a denial of service...
CVE-2017-14919, FEDORA-2017-5c17b4934f, FEDORA-2017-c582c1e728, openSUSE-SU-2018:0029-1, openSUSE-SU-2018:0315-1, VIGILANCE-VUL-24236

Node.js 8.5.0: directory traversal
An attacker can traverse directories of Node.js 8.5.0, in order to read a file outside the service root path...
CVE-2017-14849, VIGILANCE-VUL-23963

OpenSSL: out-of-bounds memory reading via X.509 IPAddressFamily
An attacker can force a read at an invalid address via X.509 IPAddressFamily of OpenSSL, in order to trigger a denial of service, or to obtain sensitive information...
2011879, 2013026, 2014367, bulletinapr2018, CERTFR-2019-AVI-242, cpuapr2018, cpuapr2019, cpujan2018, cpujan2019, cpujul2018, cpujul2019, cpuoct2018, CVE-2017-3735, DSA-4017-1, DSA-4018-1, FEDORA-2017-4cf72e2c11, FEDORA-2017-512a6c5aae, FEDORA-2017-55a3247cfd, FEDORA-2017-7f30914972, FEDORA-2017-dbec196dd8, FreeBSD-SA-17:11.openssl, HT208331, HT208394, ibm10715641, ibm10738249, JSA10851, JSA10990, K21462542, openSUSE-SU-2017:3192-1, openSUSE-SU-2018:0029-1, openSUSE-SU-2018:0315-1, RHSA-2018:3221-01, SA157, SB10211, SUSE-SU-2017:2968-1, SUSE-SU-2017:2981-1, SUSE-SU-2018:0112-1, SUSE-SU-2019:14246-1, TNS-2017-15, USN-3475-1, VIGILANCE-VUL-23636

Node Core: two vulnerabilities
An attacker can use several vulnerabilities of Node Core...
CVE-2017-11499, openSUSE-SU-2017:2179-1, RHSA-2017:2908-01, RHSA-2017:3002-01, Synology-SA-17:32, VIGILANCE-VUL-23220

c-ares: out-of-bounds memory reading via NAPTR
An attacker can force a read at an invalid address via NAPTR of c-ares, in order to trigger a denial of service, or to obtain sensitive information...
cpujul2017, CVE-2017-1000381, DLA-998-1, FEDORA-2017-05254795cf, FEDORA-2017-4932c9b886, FEDORA-2017-6dc3fd198d, FEDORA-2017-7c1621d2e8, FEDORA-2017-7c9a5b4791, FEDORA-2017-81522ac6d8, FEDORA-2017-aa44293a53, FEDORA-2017-ba1399832b, openSUSE-SU-2017:1857-1, openSUSE-SU-2017:2179-1, USN-3395-1, VIGILANCE-VUL-23068

Node Core: NULL pointer dereference via TLS I/O
An attacker can force a NULL pointer to be dereferenced by Node Core via TLS partial input, in order to trigger a denial of service...
VIGILANCE-VUL-22212

OpenSSL: multiple vulnerabilities
An attacker can use several vulnerabilities of OpenSSL...
1117414, 2000544, 2000988, 2000990, 2002331, 2004036, 2004940, 2009389, 2010154, 2011567, 2012827, 2014202, 2014651, 2014669, 2015080, BSA-2016-204, BSA-2016-207, BSA-2016-211, BSA-2016-212, BSA-2016-213, BSA-2016-216, BSA-2016-234, bulletinapr2017, bulletinjan2018, bulletinoct2017, CERTFR-2017-AVI-035, CERTFR-2018-AVI-343, cisco-sa-20170130-openssl, cpuapr2017, cpuapr2019, cpujan2018, cpujul2017, cpujul2018, cpuoct2017, CVE-2016-7055, CVE-2017-3730, CVE-2017-3731, CVE-2017-3732, DLA-814-1, DSA-2020-062, DSA-3773-1, FEDORA-2017-3451dbec48, FEDORA-2017-e853b4144f, FG-IR-17-019, FreeBSD-SA-17:02.openssl, ibm10732391, ibm10733905, ibm10738249, ibm10738401, JSA10775, JSA10990, K37526132, K43570545, K44512851, K-510805, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2017:0481-1, openSUSE-SU-2017:0487-1, openSUSE-SU-2017:0527-1, openSUSE-SU-2017:0941-1, openSUSE-SU-2017:2011-1, openSUSE-SU-2017:2868-1, openSUSE-SU-2018:0458-1, PAN-70674, PAN-73914, PAN-SA-2017-0012, PAN-SA-2017-0014, PAN-SA-2017-0016, RHSA-2017:0286-01, RHSA-2018:2568-01, RHSA-2018:2575-01, SA141, SA40423, SB10188, SSA:2017-041-02, SUSE-SU-2018:0112-1, SUSE-SU-2018:2839-1, SUSE-SU-2018:3082-1, TNS-2017-03, USN-3181-1, VIGILANCE-VUL-21692

libuv: buffer overflow via Windows Console
An attacker can generate a buffer overflow via Windows Console of libuv, in order to trigger a denial of service, and possibly to run code...
CVE-2016-9551, VIGILANCE-VUL-21198

Our database contains other pages. You can request a free trial to read them.

Display information about Nodejs Core:

https://nodejs.org/en/