K000136924: Node.JS vulnerabilities CVE-2018-7158, CVE-2018-7164, and CVE-2018-7166

Security Advisory Description CVE-2018-7158 The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service ReDoS vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The...

Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and Business Process Manager (BPM)

Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is...

RHEL 7 : Red Hat OpenShift Application Runtimes Node.js 10.9.0 (RHSA-2018:2553)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2553 advisory. Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications...

Node.js Multiple Vulnerabilities (August 2018 Security Releases)

The version of Node.js installed on the remote host is 6.x prior to 6.14.4, 8.x prior to 8.11.4 or 10.x prior to 10.9.0. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...

Security Bulletin: Node.js as used in IBM QRadar Packet Capture is susceptible to multiple vulnerabilities

Summary Node.js as used in IBM QRadar Packet Capture has been updated to resolve multiple vulnerabilities Vulnerability Details CVEID: CVE-2018-7158 Description: Node.js path module is vulnerable to a denial of service. By sending a specially crafted file path, an attacker could exploit this...

Node.js 10.x < 10.9.0 Unintentional Exposure of Uninitialized Memory Vulnerability - Windows

Node.js is prone to an unintentional exposure of uninitialized memory. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Node.js 10.x < 10.9.0 Unintentional Exposure of Uninitialized Memory Vulnerability - Mac OS X

Node.js is prone to an unintentional exposure of uninitialized memory. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Moderate: Red Hat Security Advisory: Red Hat OpenShift Application Runtimes Node.js 10.9.0 security update

An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVE-2018-7166

CVE-2018-7166 is confirmed in connected sources as an issue in Node.js prior to 10.9.0 where Buffer.alloc() can return uninitialized memory due to misinterpretation of the encoding argument by the fill path. The effect is potential exposure of sensitive information if user-controlled inputs influ...

CVE-2018-7166

In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause Buffer.alloc to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying encoding can be passed as a number, this is...

CVE-2018-7166

In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause Buffer.alloc to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying encoding can be passed as a number, this is...