CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7911 matches found

OpenVAS•added 2018/11/29 12:0 a.m.•32 views

Node.js 'HTTP Splitting' Privilege Escalation Vulnerability - Mac OS X

Node.js is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js";...

7.5CVSS8AI score0.00531EPSS

Exploits0References1

OpenVAS•added 2018/11/29 12:0 a.m.•43 views

Node.js Multiple Vulnerabilities (Nov 2018) - Windows

Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...

7.5CVSS6.8AI score0.05572EPSS

Exploits0References1

Prion•added 2018/11/28 5:29 p.m.•31 views

Heap overflow

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers almost 80 KB per connection, and carefully timed completion of the headers, it is possible to cause the HTTP...

5CVSS7.3AI score0.05572EPSS

Exploits0References6Affected Software8

OSV•added 2018/11/28 5:29 p.m.•29 views

CVE-2018-12123

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" e.g. "javAscript:" protoc...

4.3CVSS6.5AI score

Exploits0References4

OSV•added 2018/11/28 5:29 p.m.•1 views

ALPINE-CVE-2018-12121

7.5CVSS8.9AI score0.05572EPSS

Exploits0References1

NVD•added 2018/11/28 5:29 p.m.•21 views

CVE-2018-12121

7.5CVSS7.5AI score0.05572EPSS

Exploits0References7

Prion•added 2018/11/28 5:29 p.m.•27 views

Design/Logic Flaw

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service DoS by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time...

5CVSS7.3AI score0.02342EPSS

Exploits0References4Affected Software4

NVD•added 2018/11/28 5:29 p.m.•16 views

CVE-2018-12122

7.5CVSS7.5AI score0.02342EPSS

Exploits0References5

OSV•added 2018/11/28 5:29 p.m.•26 views

CVE-2018-12121

7.5CVSS6.6AI score

Exploits0References7

UbuntuCve•added 2018/11/28 5:29 p.m.•22 views

CVE-2018-12123

4.3CVSS6.8AI score0.03942EPSS

Exploits0References3

UbuntuCve•added 2018/11/28 5:29 p.m.•24 views

CVE-2018-12120

Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with node --debug or node debug, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate...

8.1CVSS7.2AI score0.00422EPSS

Exploits0References2

NVD•added 2018/11/28 5:29 p.m.•24 views

CVE-2018-12116

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the path option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to...

7.5CVSS7.5AI score0.00531EPSS

Exploits0References3

OSV•added 2018/11/28 5:29 p.m.•1 views

DEBIAN-CVE-2018-12120

8.1CVSS7AI score0.00422EPSS

Exploits0References1

UbuntuCve•added 2018/11/28 5:29 p.m.•28 views

CVE-2018-12122

7.5CVSS6.8AI score0.02342EPSS

Exploits0References3

UbuntuCve•added 2018/11/28 5:29 p.m.•29 views

CVE-2018-12116