VYPR

rpm package

suse/nodejs8&distro=SUSE Linux Enterprise Module for Web and Scripting 15

pkg:rpm/suse/nodejs8&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015

Vulnerabilities (25)

  • CVE-2018-12115 (Aug 21, 2018)
    affected < 8.11.4-3.8.2, fixed 8.11.4-3.8.2

    In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that s

  • CVE-2018-7167 (Jun 13, 2018)
    affected < 8.11.3-3.5.1, fixed 8.11.3-3.5.1

    Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in the

  • CVE-2018-7161 (Jun 13, 2018)
    affected < 8.11.3-3.5.1, fixed 8.11.3-3.5.1

    All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers

  • CVE-2018-0732 (Jun 12, 2018)
    affected < 8.11.4-3.8.2, fixed 8.11.4-3.8.2

    During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client

  • CVE-2018-1000168 (May 8, 2018)
    affected < 8.11.3-3.5.1, fixed 8.11.3-3.5.1

    nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability ap
