6 matches found
CVE-2018-0735
CVE-2018-0735 is a timing side-channel vulnerability in OpenSSL’s ECDSA signature generation. An attacker could exploit timing variations in signing to recover the private key. Affected: OpenSSL 1.1.0 (1.1.0-1.1.0i) and OpenSSL 1.1.1 (1.1.1) prior to the fixes. Fixes were released in OpenSSL...
CVE-2018-0734
CVE-2018-0734 (OpenSSL) describes a timing side-channel in the DSA signature algorithm that could enable private key recovery. The initial entry notes fixes in OpenSSL releases 1.1.1a (and 1.1.0j, 1.0.2q) for affected branches. Connected advisories (CloudLinux, Arch Linux, Amazon/Linux distributi...
CVE-2018-12121
CVE-2018-12121 affects Node.js before versions 6.15.0, 8.14.0, 10.14.0 and 11.3.0. A Denial of Service can be triggered by sending many requests with maximum-sized HTTP headers (around 80 KB per connection) and carefully timed header completion, causing the HTTP server to abort due to heap alloca...
CVE-2019-5737
CVE-2019-5737 affects Node.js branches: 6.x < 6.17.0, 8.x < 8.15.1, 10.x < 10.15.2, and 11.x
CVE-2018-12122
CVE-2018-12122 affects Node.js versions before 6.15.0, 8.14.0, 10.14.0 and 11.3.0. It enables a Slowloris-style DoS by sending HTTP/HTTPS headers very slowly, keeping connections alive and consuming resources. A 40-second headersTimeout patch (adjustable via server.headersTimeout) helps defend, a...
CVE-2018-12123
CVE-2018-12123 concerns Node.js: hostname spoofing in the URL parser for the javascript protocol when using url.parse(). Affected are Node.js versions prior to 6.15.0, 8.14.0, 10.14.0 and 11.3.0. The issue allows a mixed-case javascript: URL to spoof the hostname, potentially causing security dec...