4 matches found
CVE-2018-5407
CVE-2018-5407 is a PortSmash timing-side channel vulnerability in SMT/Hyper-Threading affecting OpenSSL. Local attackers could exploit a timing leakage during cryptographic operations to gain information. Documented in multiple advisories (e.g., ALAS/ALAS2 for OpenSSL) with remediation stating to...
CVE-2018-12115
CVE-2018-12115 is an out-of-bounds write in Node.js Buffer when using UCS-2/UTF-16LE encodings. Affected: all Node.js versions before 6.14.4, 8.11.4, and 10.9.0. Impact: writes starting near the buffer end can miscalculate max input length, enabling memory writes outside the buffer and potentiall...
CVE-2018-7167
CVE-2018-7167 targets Node.js Buffer APIs. Affected: Node.js 6.x, 8.x, and 9.x (LTS boron/carbon and 9.x) with Buffer.fill() or Buffer.alloc() can hang, potentially enabling a DoS. The vulnerability stems from parameters that trigger a hang instead of proceeding to zero-fill. The issue was addres...
CVE-2017-16024
The CVE-2017-16024 entry concerns the sync-exec module, used to simulate Node.js child_process.execSync in Node versions