31 matches found
EUVD-2018-18909
Malware in sbrugna...
EUVD-2018-18908
Malware in sbrugna...
Ubuntu 16.04 ESM / 18.04 ESM : Node.js vulnerabilities (USN-4796-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4796-1 advisory. Alexander Minozhenko and James Bunton discovered that Node.js did not properly handle wildcards in name fields of X.509 TLS certificates. An...
K000137093: Node.js vulnerabilities CVE-2018-7167, CVE-2018-12115, and CVE-2018-12116
Security Advisory Description: CVE-2018-7167: Calling Buffer.fill or Buffer.alloc with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc and Buffer.fill were updated so that they zero fill instea...
K000136924: Node.JS vulnerabilities CVE-2018-7158, CVE-2018-7164, and CVE-2018-7166
Security Advisory Description: CVE-2018-7158: The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The...
USN-4796-1: Node.js vulnerabilities
Alexander Minozhenko and James Bunton discovered that Node.js did not properly handle wildcards in name fields of X.509 TLS certificates. An attacker could use this vulnerability to execute a machine-in-the-middle attack. This issue only affected Ubuntu 14.04 ESM and 16.04 ESM. (CVE-2016-7099) It...
SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2018:1918-1)
This update for nodejs8 to version 8.11.3 fixes the following issues: These security issues were fixed: - CVE-2018-7167: Calling Buffer.fill or Buffer.alloc with some parameters could have led to a hang which could have resulted in a DoS (bsc#1097375). - CVE-2018-7161: By interacting with the http...
nodejs: Unintentional exposure of uninitialized memory
In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause Buffer.alloc to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying encoding can be passed as a number, this is...
CVE-2018-7166
In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause Buffer.alloc to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying encoding can be passed as a number, this is...
CVE-2018-7166
CVE-2018-7166 is confirmed in connected sources as an issue in Node.js prior to 10.9.0 where Buffer.alloc() can return uninitialized memory due to misinterpretation of the encoding argument by the fill path. The effect is potential exposure of sensitive information if user-controlled inputs influ...
Design/Logic Flaw
In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause Buffer.alloc to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying encoding can be passed as a number, this is...
Information Disclosure
node is vulnerable to information disclosure attacks. The vulnerability exists through the use of Buffer.alloc, exposing uninitialized memory...
openSUSE Security Update : nodejs8 (openSUSE-2018-724)
This update for nodejs8 to version 8.11.3 fixes the following issues: These security issues were fixed: - CVE-2018-7167: Calling Buffer.fill or Buffer.alloc with some parameters could have led to a hang which could have resulted in a DoS (bsc#1097375). - CVE-2018-7161: By interacting with the htt...
Security update for nodejs8 (moderate)
This update for nodejs8 to version 8.11.3 fixes the following issues: These security issues were fixed: - CVE-2018-7167: Calling Buffer.fill or Buffer.alloc with some parameters could have led to a hang which could have resulted in a DoS (bsc#1097375). - CVE-2018-7161: By interacting with the http2...
Denial Of Service (DoS)
node is vulnerable to denial of service (DoS) attacks. A malicious user can call the Buffer.fill or Buffer.alloc function to cause the application to hang, leading to a denial of service...
CVE-2018-7167
It was found that the Buffer.fill and Buffer.alloc functions may hang. An attacker able to control the input of these functions could use this flaw to cause a denial of service...