csaf_suse - suse-su-2019:0117-1

suse-su-2019:0117-1

Vulnerability from csaf_suse

Published

2019-01-18 10:52

Modified

2019-01-18 10:52

Summary

Security update for nodejs4

Notes

Title of the patch

Security update for nodejs4

Description of the patch

This update for nodejs4 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation (bsc#1113652) - CVE-2018-5407: Fixed a hyperthread port content side channel attack (aka 'PortSmash') (bsc#1113534) - CVE-2018-12120: Fixed that the debugger listens on any interface by default (bsc#1117625) - CVE-2018-12121: Fixed a denial of Service with large HTTP headers (bsc#1117626) - CVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of Service (bsc#1117627) - CVE-2018-12116: Fixed HTTP request splitting (bsc#1117630) - CVE-2018-12123: Fixed hostname spoofing in URL parser for javascript protocol (bsc#1117629)

Patchnames

SUSE-2019-117,SUSE-SLE-Module-Web-Scripting-12-2019-117,SUSE-Storage-4-2019-117

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for nodejs4",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for nodejs4 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation (bsc#1113652)\n- CVE-2018-5407: Fixed a hyperthread port content side channel attack (aka \u0027PortSmash\u0027) (bsc#1113534)\n- CVE-2018-12120: Fixed that the debugger listens on any interface by default (bsc#1117625)\n- CVE-2018-12121: Fixed a denial of Service with large HTTP headers (bsc#1117626)\n- CVE-2018-12122: Fixed the \u0027Slowloris\u0027 HTTP Denial of Service (bsc#1117627)\n- CVE-2018-12116: Fixed HTTP request splitting (bsc#1117630)\n- CVE-2018-12123: Fixed hostname spoofing in URL parser for javascript protocol (bsc#1117629)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2019-117,SUSE-SLE-Module-Web-Scripting-12-2019-117,SUSE-Storage-4-2019-117",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0117-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2019:0117-1",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190117-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2019:0117-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2019-January/005042.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1113534",
        "url": "https://bugzilla.suse.com/1113534"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1113652",
        "url": "https://bugzilla.suse.com/1113652"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1117625",
        "url": "https://bugzilla.suse.com/1117625"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1117626",
        "url": "https://bugzilla.suse.com/1117626"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1117627",
        "url": "https://bugzilla.suse.com/1117627"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1117629",
        "url": "https://bugzilla.suse.com/1117629"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1117630",
        "url": "https://bugzilla.suse.com/1117630"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-0734 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-0734/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12116 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12116/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12120 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12120/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12121 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12121/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12122 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12122/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12123 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12123/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-5407 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-5407/"
      }
    ],
    "title": "Security update for nodejs4",
    "tracking": {
      "current_release_date": "2019-01-18T10:52:41Z",
      "generator": {
        "date": "2019-01-18T10:52:41Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2019:0117-1",
      "initial_release_date": "2019-01-18T10:52:41Z",
      "revision_history": [
        {
          "date": "2019-01-18T10:52:41Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs4-4.9.1-15.17.1.aarch64",
                "product": {
                  "name": "nodejs4-4.9.1-15.17.1.aarch64",
                  "product_id": "nodejs4-4.9.1-15.17.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs4-devel-4.9.1-15.17.1.aarch64",
                "product": {
                  "name": "nodejs4-devel-4.9.1-15.17.1.aarch64",
                  "product_id": "nodejs4-devel-4.9.1-15.17.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "npm4-4.9.1-15.17.1.aarch64",
                "product": {
                  "name": "npm4-4.9.1-15.17.1.aarch64",
                  "product_id": "npm4-4.9.1-15.17.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs4-4.9.1-15.17.1.i586",
                "product": {
                  "name": "nodejs4-4.9.1-15.17.1.i586",
                  "product_id": "nodejs4-4.9.1-15.17.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs4-devel-4.9.1-15.17.1.i586",
                "product": {
                  "name": "nodejs4-devel-4.9.1-15.17.1.i586",
                  "product_id": "nodejs4-devel-4.9.1-15.17.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "npm4-4.9.1-15.17.1.i586",
                "product": {
                  "name": "npm4-4.9.1-15.17.1.i586",
                  "product_id": "npm4-4.9.1-15.17.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs4-docs-4.9.1-15.17.1.noarch",
                "product": {
                  "name": "nodejs4-docs-4.9.1-15.17.1.noarch",
                  "product_id": "nodejs4-docs-4.9.1-15.17.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs4-4.9.1-15.17.1.ppc64le",
                "product": {
                  "name": "nodejs4-4.9.1-15.17.1.ppc64le",
                  "product_id": "nodejs4-4.9.1-15.17.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs4-devel-4.9.1-15.17.1.ppc64le",
                "product": {
                  "name": "nodejs4-devel-4.9.1-15.17.1.ppc64le",
                  "product_id": "nodejs4-devel-4.9.1-15.17.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "npm4-4.9.1-15.17.1.ppc64le",
                "product": {
                  "name": "npm4-4.9.1-15.17.1.ppc64le",
                  "product_id": "npm4-4.9.1-15.17.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs4-4.9.1-15.17.1.x86_64",
                "product": {
                  "name": "nodejs4-4.9.1-15.17.1.x86_64",
                  "product_id": "nodejs4-4.9.1-15.17.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "nodejs4-devel-4.9.1-15.17.1.x86_64",
                "product": {
                  "name": "nodejs4-devel-4.9.1-15.17.1.x86_64",
                  "product_id": "nodejs4-devel-4.9.1-15.17.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "npm4-4.9.1-15.17.1.x86_64",
                "product": {
                  "name": "npm4-4.9.1-15.17.1.x86_64",
                  "product_id": "npm4-4.9.1-15.17.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Web and Scripting 12",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Web and Scripting 12",
                  "product_id": "SUSE Linux Enterprise Module for Web and Scripting 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-web-scripting:12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Enterprise Storage 4",
                "product": {
                  "name": "SUSE Enterprise Storage 4",
                  "product_id": "SUSE Enterprise Storage 4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:ses:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs4-4.9.1-15.17.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64"
        },
        "product_reference": "nodejs4-4.9.1-15.17.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs4-4.9.1-15.17.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le"
        },
        "product_reference": "nodejs4-4.9.1-15.17.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs4-4.9.1-15.17.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64"
        },
        "product_reference": "nodejs4-4.9.1-15.17.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs4-devel-4.9.1-15.17.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64"
        },
        "product_reference": "nodejs4-devel-4.9.1-15.17.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs4-devel-4.9.1-15.17.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le"
        },
        "product_reference": "nodejs4-devel-4.9.1-15.17.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs4-devel-4.9.1-15.17.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64"
        },
        "product_reference": "nodejs4-devel-4.9.1-15.17.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs4-docs-4.9.1-15.17.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 12",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch"
        },
        "product_reference": "nodejs4-docs-4.9.1-15.17.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm4-4.9.1-15.17.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64"
        },
        "product_reference": "npm4-4.9.1-15.17.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm4-4.9.1-15.17.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le"
        },
        "product_reference": "npm4-4.9.1-15.17.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm4-4.9.1-15.17.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
          "product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
        },
        "product_reference": "npm4-4.9.1-15.17.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs4-4.9.1-15.17.1.aarch64 as component of SUSE Enterprise Storage 4",
          "product_id": "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64"
        },
        "product_reference": "nodejs4-4.9.1-15.17.1.aarch64",
        "relates_to_product_reference": "SUSE Enterprise Storage 4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs4-4.9.1-15.17.1.x86_64 as component of SUSE Enterprise Storage 4",
          "product_id": "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64"
        },
        "product_reference": "nodejs4-4.9.1-15.17.1.x86_64",
        "relates_to_product_reference": "SUSE Enterprise Storage 4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-0734",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-0734"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
          "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-0734",
          "url": "https://www.suse.com/security/cve/CVE-2018-0734"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1113534 for CVE-2018-0734",
          "url": "https://bugzilla.suse.com/1113534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1113652 for CVE-2018-0734",
          "url": "https://bugzilla.suse.com/1113652"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1113742 for CVE-2018-0734",
          "url": "https://bugzilla.suse.com/1113742"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1122198 for CVE-2018-0734",
          "url": "https://bugzilla.suse.com/1122198"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1122212 for CVE-2018-0734",
          "url": "https://bugzilla.suse.com/1122212"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1126909 for CVE-2018-0734",
          "url": "https://bugzilla.suse.com/1126909"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1148697 for CVE-2018-0734",
          "url": "https://bugzilla.suse.com/1148697"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
            "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
            "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-01-18T10:52:41Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-0734"
    },
    {
      "cve": "CVE-2018-12116",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12116"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
          "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12116",
          "url": "https://www.suse.com/security/cve/CVE-2018-12116"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1117630 for CVE-2018-12116",
          "url": "https://bugzilla.suse.com/1117630"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
            "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
            "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-01-18T10:52:41Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-12116"
    },
    {
      "cve": "CVE-2018-12120",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12120"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as `node --debug=localhost`. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
          "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12120",
          "url": "https://www.suse.com/security/cve/CVE-2018-12120"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1117625 for CVE-2018-12120",
          "url": "https://bugzilla.suse.com/1117625"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
            "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
            "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-01-18T10:52:41Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2018-12120"
    },
    {
      "cve": "CVE-2018-12121",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12121"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
          "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12121",
          "url": "https://www.suse.com/security/cve/CVE-2018-12121"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1117626 for CVE-2018-12121",
          "url": "https://bugzilla.suse.com/1117626"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1127532 for CVE-2018-12121",
          "url": "https://bugzilla.suse.com/1127532"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
            "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
            "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-01-18T10:52:41Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-12121"
    },
    {
      "cve": "CVE-2018-12122",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12122"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
          "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12122",
          "url": "https://www.suse.com/security/cve/CVE-2018-12122"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1117627 for CVE-2018-12122",
          "url": "https://bugzilla.suse.com/1117627"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
            "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
            "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-01-18T10:52:41Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-12122"
    },
    {
      "cve": "CVE-2018-12123",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12123"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case \"javascript:\" (e.g. \"javAscript:\") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
          "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12123",
          "url": "https://www.suse.com/security/cve/CVE-2018-12123"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1117629 for CVE-2018-12123",
          "url": "https://bugzilla.suse.com/1117629"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
            "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
            "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-01-18T10:52:41Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-12123"
    },
    {
      "cve": "CVE-2018-5407",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-5407"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
          "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
          "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
          "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
          "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-5407",
          "url": "https://www.suse.com/security/cve/CVE-2018-5407"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1113534 for CVE-2018-5407",
          "url": "https://bugzilla.suse.com/1113534"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1116195 for CVE-2018-5407",
          "url": "https://bugzilla.suse.com/1116195"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1126909 for CVE-2018-5407",
          "url": "https://bugzilla.suse.com/1126909"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1148697 for CVE-2018-5407",
          "url": "https://bugzilla.suse.com/1148697"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
            "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.aarch64",
            "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1.x86_64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1.noarch",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.aarch64",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.ppc64le",
            "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-01-18T10:52:41Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-5407"
    }
  ]
}

CVE-2018-12122 (GCVE-0-2018-12122)

Vulnerability from cvelistv5

Published

2018-11-28 17:00

Modified

2024-12-13 13:09

Severity ?

CWE

CWE-400 - Uncontrolled Resource Consumption / Denial of Service

Summary

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.

References

►

URL

Tags

	https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/106043	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2019:1821	vendor-advisory, x_refsource_REDHAT
	https://security.gentoo.org/glsa/202003-48	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	The Node.js Project	Node.js	Version: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-12-13T13:09:20.260Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
          },
          {
            "name": "106043",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106043"
          },
          {
            "name": "RHSA-2019:1821",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1821"
          },
          {
            "name": "GLSA-202003-48",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-48"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241213-0009/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Node.js",
          "vendor": "The Node.js Project",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0"
            }
          ]
        }
      ],
      "datePublic": "2018-11-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption / Denial of Service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-20T20:06:05",
        "orgId": "386269d4-a6c6-4eaa-bf8e-bc0b0d010558",
        "shortName": "nodejs"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
        },
        {
          "name": "106043",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106043"
        },
        {
          "name": "RHSA-2019:1821",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1821"
        },
        {
          "name": "GLSA-202003-48",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-48"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-request@iojs.org",
          "ID": "CVE-2018-12122",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Node.js",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The Node.js Project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400: Uncontrolled Resource Consumption / Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
              "refsource": "CONFIRM",
              "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
            },
            {
              "name": "106043",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106043"
            },
            {
              "name": "RHSA-2019:1821",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1821"
            },
            {
              "name": "GLSA-202003-48",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-48"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "386269d4-a6c6-4eaa-bf8e-bc0b0d010558",
    "assignerShortName": "nodejs",
    "cveId": "CVE-2018-12122",
    "datePublished": "2018-11-28T17:00:00",
    "dateReserved": "2018-06-11T00:00:00",
    "dateUpdated": "2024-12-13T13:09:20.260Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-12121 (GCVE-0-2018-12121)

Vulnerability from cvelistv5

Published

2018-11-28 17:00

Modified

2024-12-27 16:02

Severity ?

CWE

CWE-400 - Uncontrolled Resource Consumption / Denial of Service

Summary

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.

References

►

URL

Tags

	https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/106043	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2019:1821	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:2258	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3497	vendor-advisory, x_refsource_REDHAT
	https://security.gentoo.org/glsa/202003-48	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	The Node.js Project	Node.js	Version: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-12-27T16:02:58.114Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
          },
          {
            "name": "106043",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106043"
          },
          {
            "name": "RHSA-2019:1821",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1821"
          },
          {
            "name": "RHSA-2019:2258",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2258"
          },
          {
            "name": "RHSA-2019:3497",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3497"
          },
          {
            "name": "GLSA-202003-48",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-48"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241227-0008/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Node.js",
          "vendor": "The Node.js Project",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0"
            }
          ]
        }
      ],
      "datePublic": "2018-11-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption / Denial of Service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-20T20:06:06",
        "orgId": "386269d4-a6c6-4eaa-bf8e-bc0b0d010558",
        "shortName": "nodejs"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
        },
        {
          "name": "106043",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106043"
        },
        {
          "name": "RHSA-2019:1821",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1821"
        },
        {
          "name": "RHSA-2019:2258",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2258"
        },
        {
          "name": "RHSA-2019:3497",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3497"
        },
        {
          "name": "GLSA-202003-48",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-48"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-request@iojs.org",
          "ID": "CVE-2018-12121",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Node.js",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The Node.js Project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400: Uncontrolled Resource Consumption / Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
              "refsource": "CONFIRM",
              "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
            },
            {
              "name": "106043",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106043"
            },
            {
              "name": "RHSA-2019:1821",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1821"
            },
            {
              "name": "RHSA-2019:2258",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2258"
            },
            {
              "name": "RHSA-2019:3497",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3497"
            },
            {
              "name": "GLSA-202003-48",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-48"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "386269d4-a6c6-4eaa-bf8e-bc0b0d010558",
    "assignerShortName": "nodejs",
    "cveId": "CVE-2018-12121",
    "datePublished": "2018-11-28T17:00:00",
    "dateReserved": "2018-06-11T00:00:00",
    "dateUpdated": "2024-12-27T16:02:58.114Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-12116 (GCVE-0-2018-12116)

Vulnerability from cvelistv5

Published

2018-11-28 17:00

Modified

2024-08-05 08:24

Severity ?

CWE

CWE-115 - Misinterpretation of Input

Summary

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.

References

►

URL

Tags

	https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2019:1821	vendor-advisory, x_refsource_REDHAT
	https://security.gentoo.org/glsa/202003-48	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	The Node.js Project	Node.js	Version: All versions prior to Node.js 6.15.0 and 8.14.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:24:03.673Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
          },
          {
            "name": "RHSA-2019:1821",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1821"
          },
          {
            "name": "GLSA-202003-48",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-48"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Node.js",
          "vendor": "The Node.js Project",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to Node.js 6.15.0 and 8.14.0"
            }
          ]
        }
      ],
      "datePublic": "2018-11-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-115",
              "description": "CWE-115: Misinterpretation of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-20T20:06:04",
        "orgId": "386269d4-a6c6-4eaa-bf8e-bc0b0d010558",
        "shortName": "nodejs"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
        },
        {
          "name": "RHSA-2019:1821",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1821"
        },
        {
          "name": "GLSA-202003-48",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-48"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-request@iojs.org",
          "ID": "CVE-2018-12116",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Node.js",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions prior to Node.js 6.15.0 and 8.14.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The Node.js Project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-115: Misinterpretation of Input"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
              "refsource": "CONFIRM",
              "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
            },
            {
              "name": "RHSA-2019:1821",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1821"
            },
            {
              "name": "GLSA-202003-48",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-48"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "386269d4-a6c6-4eaa-bf8e-bc0b0d010558",
    "assignerShortName": "nodejs",
    "cveId": "CVE-2018-12116",
    "datePublished": "2018-11-28T17:00:00",
    "dateReserved": "2018-06-11T00:00:00",
    "dateUpdated": "2024-08-05T08:24:03.673Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-12120 (GCVE-0-2018-12120)

Vulnerability from cvelistv5

Published

2018-11-28 17:00

Modified

2024-08-05 08:24

Severity ?

CWE

CWE-419 - Unprotected Primary Channel

Summary

Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as `node --debug=localhost`. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable.

References

►

URL

Tags

	https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/106040	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	The Node.js Project	Node.js	Version: All versions prior to Node.js 6.15.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:24:03.745Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
          },
          {
            "name": "106040",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106040"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Node.js",
          "vendor": "The Node.js Project",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to Node.js 6.15.0"
            }
          ]
        }
      ],
      "datePublic": "2018-11-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as `node --debug=localhost`. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-419",
              "description": "CWE-419: Unprotected Primary Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-29T10:57:01",
        "orgId": "386269d4-a6c6-4eaa-bf8e-bc0b0d010558",
        "shortName": "nodejs"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
        },
        {
          "name": "106040",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106040"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-request@iojs.org",
          "ID": "CVE-2018-12120",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Node.js",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions prior to Node.js 6.15.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The Node.js Project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as `node --debug=localhost`. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-419: Unprotected Primary Channel"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
              "refsource": "CONFIRM",
              "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
            },
            {
              "name": "106040",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106040"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "386269d4-a6c6-4eaa-bf8e-bc0b0d010558",
    "assignerShortName": "nodejs",
    "cveId": "CVE-2018-12120",
    "datePublished": "2018-11-28T17:00:00",
    "dateReserved": "2018-06-11T00:00:00",
    "dateUpdated": "2024-08-05T08:24:03.745Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-12123 (GCVE-0-2018-12123)

Vulnerability from cvelistv5

Published

2018-11-28 17:00

Modified

2024-12-13 13:09

Severity ?

CWE

CWE-115 - Misinterpretation of Input

Summary

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect.

References

►

URL

Tags

	https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2019:1821	vendor-advisory, x_refsource_REDHAT
	https://security.gentoo.org/glsa/202003-48	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	The Node.js Project	Node.js	Version: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-12-13T13:09:21.262Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
          },
          {
            "name": "RHSA-2019:1821",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1821"
          },
          {
            "name": "GLSA-202003-48",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-48"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241213-0008/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Node.js",
          "vendor": "The Node.js Project",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0"
            }
          ]
        }
      ],
      "datePublic": "2018-11-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case \"javascript:\" (e.g. \"javAscript:\") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-115",
              "description": "CWE-115: Misinterpretation of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-20T20:06:13",
        "orgId": "386269d4-a6c6-4eaa-bf8e-bc0b0d010558",
        "shortName": "nodejs"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
        },
        {
          "name": "RHSA-2019:1821",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1821"
        },
        {
          "name": "GLSA-202003-48",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-48"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-request@iojs.org",
          "ID": "CVE-2018-12123",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Node.js",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The Node.js Project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case \"javascript:\" (e.g. \"javAscript:\") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-115: Misinterpretation of Input"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
              "refsource": "CONFIRM",
              "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
            },
            {
              "name": "RHSA-2019:1821",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1821"
            },
            {
              "name": "GLSA-202003-48",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-48"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "386269d4-a6c6-4eaa-bf8e-bc0b0d010558",
    "assignerShortName": "nodejs",
    "cveId": "CVE-2018-12123",
    "datePublished": "2018-11-28T17:00:00",
    "dateReserved": "2018-06-11T00:00:00",
    "dateUpdated": "2024-12-13T13:09:21.262Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-5407 (GCVE-0-2018-5407)

Vulnerability from cvelistv5

Published

2018-11-15 21:00

Modified

2024-08-05 05:33

Severity ?

CWE

CWE-200

Summary

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

References

►

URL

Tags

	https://access.redhat.com/errata/RHSA-2019:0483	vendor-advisory, x_refsource_REDHAT
	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-20181126-0001/	x_refsource_CONFIRM
	https://usn.ubuntu.com/3840-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2018/dsa-4355	vendor-advisory, x_refsource_DEBIAN
	https://www.tenable.com/security/tns-2018-17	x_refsource_CONFIRM
	https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201903-10	vendor-advisory, x_refsource_GENTOO
	https://www.tenable.com/security/tns-2018-16	x_refsource_CONFIRM
	https://www.exploit-db.com/exploits/45785/	exploit, x_refsource_EXPLOIT-DB
	https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html	mailing-list, x_refsource_MLIST
	https://github.com/bbbrumley/portsmash	x_refsource_MISC
	https://www.debian.org/security/2018/dsa-4348	vendor-advisory, x_refsource_DEBIAN
	http://www.securityfocus.com/bid/105897	vdb-entry, x_refsource_BID
	https://eprint.iacr.org/2018/1060.pdf	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2019:0651	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:0652	vendor-advisory, x_refsource_REDHAT
	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	x_refsource_MISC
	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2019:2125	vendor-advisory, x_refsource_REDHAT
	https://support.f5.com/csp/article/K49711130?utm_source=f5support&amp%3Butm_medium=RSS	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2019:3929	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3933	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3931	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3935	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3932	vendor-advisory, x_refsource_REDHAT
	https://www.oracle.com/security-alerts/cpujan2020.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	N/A	Processors supporting Simultaneous Multi-Threading	Version: N/A

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:33:44.232Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2019:0483",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0483"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
          },
          {
            "name": "USN-3840-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3840-1/"
          },
          {
            "name": "DSA-4355",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4355"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-17"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
          },
          {
            "name": "GLSA-201903-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201903-10"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-16"
          },
          {
            "name": "45785",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45785/"
          },
          {
            "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/bbbrumley/portsmash"
          },
          {
            "name": "DSA-4348",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4348"
          },
          {
            "name": "105897",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105897"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://eprint.iacr.org/2018/1060.pdf"
          },
          {
            "name": "RHSA-2019:0651",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0651"
          },
          {
            "name": "RHSA-2019:0652",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0652"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "RHSA-2019:2125",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2125"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          },
          {
            "name": "RHSA-2019:3929",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3929"
          },
          {
            "name": "RHSA-2019:3933",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3933"
          },
          {
            "name": "RHSA-2019:3931",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3931"
          },
          {
            "name": "RHSA-2019:3935",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3935"
          },
          {
            "name": "RHSA-2019:3932",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3932"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Processors supporting Simultaneous Multi-Threading",
          "vendor": "N/A",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        }
      ],
      "datePublic": "2018-11-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-15T21:06:46",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "RHSA-2019:0483",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0483"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
        },
        {
          "name": "USN-3840-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3840-1/"
        },
        {
          "name": "DSA-4355",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4355"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-17"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
        },
        {
          "name": "GLSA-201903-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201903-10"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-16"
        },
        {
          "name": "45785",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/45785/"
        },
        {
          "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/bbbrumley/portsmash"
        },
        {
          "name": "DSA-4348",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4348"
        },
        {
          "name": "105897",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105897"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://eprint.iacr.org/2018/1060.pdf"
        },
        {
          "name": "RHSA-2019:0651",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0651"
        },
        {
          "name": "RHSA-2019:0652",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0652"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "name": "RHSA-2019:2125",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2125"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        },
        {
          "name": "RHSA-2019:3929",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3929"
        },
        {
          "name": "RHSA-2019:3933",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3933"
        },
        {
          "name": "RHSA-2019:3931",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3931"
        },
        {
          "name": "RHSA-2019:3935",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3935"
        },
        {
          "name": "RHSA-2019:3932",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3932"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2018-5407",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Processors supporting Simultaneous Multi-Threading",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "N/A"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "N/A"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2019:0483",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0483"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20181126-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
            },
            {
              "name": "USN-3840-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3840-1/"
            },
            {
              "name": "DSA-4355",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4355"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-17",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-17"
            },
            {
              "name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
              "refsource": "CONFIRM",
              "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
            },
            {
              "name": "GLSA-201903-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201903-10"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-16",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-16"
            },
            {
              "name": "45785",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/45785/"
            },
            {
              "name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
            },
            {
              "name": "https://github.com/bbbrumley/portsmash",
              "refsource": "MISC",
              "url": "https://github.com/bbbrumley/portsmash"
            },
            {
              "name": "DSA-4348",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4348"
            },
            {
              "name": "105897",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105897"
            },
            {
              "name": "https://eprint.iacr.org/2018/1060.pdf",
              "refsource": "MISC",
              "url": "https://eprint.iacr.org/2018/1060.pdf"
            },
            {
              "name": "RHSA-2019:0651",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0651"
            },
            {
              "name": "RHSA-2019:0652",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0652"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "RHSA-2019:2125",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2125"
            },
            {
              "name": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K49711130?utm_source=f5support\u0026amp;utm_medium=RSS"
            },
            {
              "name": "RHSA-2019:3929",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3929"
            },
            {
              "name": "RHSA-2019:3933",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3933"
            },
            {
              "name": "RHSA-2019:3931",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3931"
            },
            {
              "name": "RHSA-2019:3935",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3935"
            },
            {
              "name": "RHSA-2019:3932",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3932"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2018-5407",
    "datePublished": "2018-11-15T21:00:00",
    "dateReserved": "2018-01-12T00:00:00",
    "dateUpdated": "2024-08-05T05:33:44.232Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-0734 (GCVE-0-2018-0734)

Vulnerability from cvelistv5

Published

2018-10-30 12:00

Modified

2024-09-16 23:10

Severity ?

CWE

Constant time issue

Summary

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

References

►

URL

Tags

	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	x_refsource_CONFIRM
	https://usn.ubuntu.com/3840-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2018/dsa-4355	vendor-advisory, x_refsource_DEBIAN
	https://security.netapp.com/advisory/ntap-20181105-0002/	x_refsource_CONFIRM
	https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8abfe72e8c1de1b95f50aa0d9134803b4d00070f	x_refsource_CONFIRM
	https://www.tenable.com/security/tns-2018-17	x_refsource_CONFIRM
	https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/	x_refsource_CONFIRM
	https://www.tenable.com/security/tns-2018-16	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/105758	vdb-entry, x_refsource_BID
	https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ef11e19d1365eea2b1851e6f540a0bf365d303e7	x_refsource_CONFIRM
	https://www.debian.org/security/2018/dsa-4348	vendor-advisory, x_refsource_DEBIAN
	https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=43e6a58d4991a451daf4891ff05a48735df871ac	x_refsource_CONFIRM
	https://www.openssl.org/news/secadv/20181030.txt	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-20190118-0002/	x_refsource_CONFIRM
	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20190423-0002/	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html	vendor-advisory, x_refsource_SUSE
	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html	vendor-advisory, x_refsource_SUSE
	https://access.redhat.com/errata/RHSA-2019:2304	vendor-advisory, x_refsource_REDHAT
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/	vendor-advisory, x_refsource_FEDORA
	https://access.redhat.com/errata/RHSA-2019:3700	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3933	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3935	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3932	vendor-advisory, x_refsource_REDHAT
	https://www.oracle.com/security-alerts/cpujan2020.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	OpenSSL	OpenSSL	Version: Fixed in OpenSSL 1.1.1a (Affected 1.1.1) Version: Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i) Version: Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:35:49.290Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "name": "USN-3840-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3840-1/"
          },
          {
            "name": "DSA-4355",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4355"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8abfe72e8c1de1b95f50aa0d9134803b4d00070f"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-17"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-16"
          },
          {
            "name": "105758",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105758"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ef11e19d1365eea2b1851e6f540a0bf365d303e7"
          },
          {
            "name": "DSA-4348",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4348"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=43e6a58d4991a451daf4891ff05a48735df871ac"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20181030.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190118-0002/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
          },
          {
            "name": "openSUSE-SU-2019:1547",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "openSUSE-SU-2019:1814",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"
          },
          {
            "name": "RHSA-2019:2304",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2304"
          },
          {
            "name": "FEDORA-2019-db06efdea1",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
          },
          {
            "name": "FEDORA-2019-00c25b9379",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
          },
          {
            "name": "FEDORA-2019-9a0a7c0986",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
          },
          {
            "name": "RHSA-2019:3700",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3700"
          },
          {
            "name": "RHSA-2019:3933",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3933"
          },
          {
            "name": "RHSA-2019:3935",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3935"
          },
          {
            "name": "RHSA-2019:3932",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3932"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.1a (Affected 1.1.1)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Samuel Weiser"
        }
      ],
      "datePublic": "2018-10-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Low",
              "value": "Low"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Constant time issue",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-15T21:06:42",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "name": "USN-3840-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3840-1/"
        },
        {
          "name": "DSA-4355",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4355"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8abfe72e8c1de1b95f50aa0d9134803b4d00070f"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-17"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-16"
        },
        {
          "name": "105758",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105758"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ef11e19d1365eea2b1851e6f540a0bf365d303e7"
        },
        {
          "name": "DSA-4348",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4348"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=43e6a58d4991a451daf4891ff05a48735df871ac"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20181030.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190118-0002/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
        },
        {
          "name": "openSUSE-SU-2019:1547",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "name": "openSUSE-SU-2019:1814",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"
        },
        {
          "name": "RHSA-2019:2304",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2304"
        },
        {
          "name": "FEDORA-2019-db06efdea1",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
        },
        {
          "name": "FEDORA-2019-00c25b9379",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
        },
        {
          "name": "FEDORA-2019-9a0a7c0986",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
        },
        {
          "name": "RHSA-2019:3700",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3700"
        },
        {
          "name": "RHSA-2019:3933",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3933"
        },
        {
          "name": "RHSA-2019:3935",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3935"
        },
        {
          "name": "RHSA-2019:3932",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3932"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        }
      ],
      "title": "Timing attack against DSA",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2018-10-30",
          "ID": "CVE-2018-0734",
          "STATE": "PUBLIC",
          "TITLE": "Timing attack against DSA"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in OpenSSL 1.1.1a (Affected 1.1.1)"
                          },
                          {
                            "version_value": "Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)"
                          },
                          {
                            "version_value": "Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Samuel Weiser"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#Low",
            "value": "Low"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Constant time issue"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "USN-3840-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3840-1/"
            },
            {
              "name": "DSA-4355",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4355"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20181105-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-17",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-17"
            },
            {
              "name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
              "refsource": "CONFIRM",
              "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-16",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-16"
            },
            {
              "name": "105758",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105758"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7"
            },
            {
              "name": "DSA-4348",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4348"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20181030.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20181030.txt"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190118-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190118-0002/"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190423-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
            },
            {
              "name": "openSUSE-SU-2019:1547",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "openSUSE-SU-2019:1814",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"
            },
            {
              "name": "RHSA-2019:2304",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2304"
            },
            {
              "name": "FEDORA-2019-db06efdea1",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
            },
            {
              "name": "FEDORA-2019-00c25b9379",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
            },
            {
              "name": "FEDORA-2019-9a0a7c0986",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
            },
            {
              "name": "RHSA-2019:3700",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3700"
            },
            {
              "name": "RHSA-2019:3933",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3933"
            },
            {
              "name": "RHSA-2019:3935",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3935"
            },
            {
              "name": "RHSA-2019:3932",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3932"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2018-0734",
    "datePublished": "2018-10-30T12:00:00Z",
    "dateReserved": "2017-11-30T00:00:00",
    "dateUpdated": "2024-09-16T23:10:36.543Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2019:0117-1

Vulnerability from csaf_suse

CVE-2018-12122 (GCVE-0-2018-12122)

Vulnerability from cvelistv5

CVE-2018-12121 (GCVE-0-2018-12121)

Vulnerability from cvelistv5

CVE-2018-12116 (GCVE-0-2018-12116)

Vulnerability from cvelistv5

CVE-2018-12120 (GCVE-0-2018-12120)

Vulnerability from cvelistv5

CVE-2018-12123 (GCVE-0-2018-12123)

Vulnerability from cvelistv5

CVE-2018-5407 (GCVE-0-2018-5407)

Vulnerability from cvelistv5

CVE-2018-0734 (GCVE-0-2018-0734)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature