CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

UbuntuCve•added 2018/06/13 4:29 p.m.•32 views

CVE-2018-7161

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service DoS by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug wher...

7.8CVSS6.8AI score0.01023EPSS

Prion•added 2018/06/13 4:29 p.m.•23 views

Cross site scripting

Calling Buffer.fill or Buffer.alloc with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc and Buffer.fill were updated so that they zero fill instead of hanging in these cases. All versions of...

5CVSS7.3AI score0.00756EPSS

Prion•added 2018/06/13 4:29 p.m.•23 views

Design/Logic Flaw

All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service DoS by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshak...

7.8CVSS7.2AI score0.01017EPSS

Cvelist•added 2018/06/13 4:0 p.m.•19 views

CVE-2018-7167

7.5AI score0.00756EPSS

CVE•added 2018/06/13 4:0 p.m.•79 views

CVE-2018-7162

CVE-2018-7162 affects Node.js 9.x and 10.x where a TLS handshake with duplicate/unexpected messages can crash a node http server, causing DoS. Root cause is a TLS handling issue in vulnerable Node.js versions. The vulnerability is addressed by updating the TLS implementation. Affected software is...

7.8CVSS7.1AI score0.01017EPSS

Cvelist•added 2018/06/13 4:0 p.m.•14 views

CVE-2018-7164

7.2AI score0.01074EPSS

Debian CVE•added 2018/06/13 4:0 p.m.•19 views

CVE-2018-7164

7.5CVSS7.2AI score0.01074EPSS

Debian CVE•added 2018/06/13 4:0 p.m.•40 views

CVE-2018-7167

7.5CVSS7.8AI score0.00756EPSS

AlpineLinux•added 2018/06/13 4:0 p.m.•51 views

CVE-2018-7161

7.8CVSS7.5AI score0.01023EPSS

CVE•added 2018/06/13 4:0 p.m.•78 views

CVE-2018-7164

CVE-2018-7164 affects Node.js 9.7.0+ and 10.x. The issue is a memory-exhaustion vulnerability introduced when reading from the network into JavaScript via the net.Socket object used as a stream, enabling a denial of service by sending tiny chunks in rapid succession. The behavior was reverted to ...

7.5CVSS7.1AI score0.01074EPSS

Cvelist•added 2018/06/13 4:0 p.m.•21 views

CVE-2018-7162

7.2AI score0.01017EPSS

Debian CVE•added 2018/06/13 4:0 p.m.•35 views

CVE-2018-7162

7.8CVSS7.3AI score0.01017EPSS

CVE•added 2018/06/13 4:0 p.m.•130 views

CVE-2018-7167

CVE-2018-7167 targets Node.js Buffer APIs. Affected: Node.js 6.x, 8.x, and 9.x (LTS boron/carbon and 9.x) with Buffer.fill() or Buffer.alloc() can hang, potentially enabling a DoS. The vulnerability stems from parameters that trigger a hang instead of proceeding to zero-fill. The issue was addres...

7.5CVSS7.3AI score0.00756EPSS

CVE•added 2018/06/13 4:0 p.m.•113 views

CVE-2018-7161

CVE-2018-7161 affects Node.js 8.x–10.x. A DoS can be triggered by interacting with an http2 server in a way that exposes a cleanup bug where objects are used in native code after release. The issue is addressed by updating the http2 implementation. Connected advisories indicate the vulnerability ...

7.8CVSS7.3AI score0.01023EPSS

Cvelist•added 2018/06/13 4:0 p.m.•23 views

CVE-2018-7161

7.4AI score0.01023EPSS

AlpineLinux•added 2018/06/13 4:0 p.m.•29 views

CVE-2018-7167

7.5CVSS7.6AI score0.00756EPSS

Debian CVE•added 2018/06/13 4:0 p.m.•29 views

CVE-2018-7161

7.8CVSS7.6AI score0.01023EPSS