Lucene search
+L
NodejsNode.js6.0.0

10 matches found

cve
cve
added 2018/10/30 12:0 p.m.540 views

CVE-2018-0734

CVE-2018-0734 (OpenSSL) describes a timing side-channel in the DSA signature algorithm that could enable private key recovery. The initial entry notes fixes in OpenSSL releases 1.1.1a (and 1.1.0j, 1.0.2q) for affected branches. Connected advisories (CloudLinux, Arch Linux, Amazon/Linux distributi...

5.9CVSS5.9AI score0.12154EPSS
cve
cve
added 2018/06/12 1:0 p.m.456 views

CVE-2018-0732

CVE-2018-0732 : OpenSSL vulnerability where, during TLS handshakes using DH(E) ciphersuites, a malicious server could send an excessively large prime, causing the client to spend an unreasonably long time computing a key and hang (DoS). The issue is specific to DH parameters during the Server Key...

7.5CVSS7.7AI score0.49268EPSS
cve
cve
added 2018/11/28 5:0 p.m.384 views

CVE-2018-12121

CVE-2018-12121 affects Node.js before versions 6.15.0, 8.14.0, 10.14.0 and 11.3.0. A Denial of Service can be triggered by sending many requests with maximum-sized HTTP headers (around 80 KB per connection) and carefully timed header completion, causing the HTTP server to abort due to heap alloca...

7.5CVSS7.5AI score0.10207EPSS
cve
cve
added 2018/11/28 5:0 p.m.253 views

CVE-2018-12116

CVE-2018-12116 in Node.js is an HTTP request splitting vulnerability: if an unsanitized Unicode path is supplied, a second user-defined HTTP request can be generated to the same server. Affected are all Node.js versions prior to 6.15.0 and 8.14.0. The vulnerability may enable DoS and, per related...

7.5CVSS7.5AI score0.04612EPSS
cve
cve
added 2018/05/17 2:0 p.m.253 views

CVE-2018-7159

CVE-2018-7159 affects the Node.js http-parser component: the HTTP parser ignores spaces in Content-Length, allowing Content-Length: 1 2 to be treated as 12. The risk is described as very low in the CVE entry, with exploitation considered difficult. Connected sources confirm this affects http-pars...

5.3CVSS6.2AI score0.03621EPSS
cve
cve
added 2018/05/17 2:0 p.m.229 views

CVE-2018-7160

CVE-2018-7160 affects Node.js inspector (6.x and later) and describes a DNS rebinding vulnerability that enables remote code execution if a Node.js process has an open debug port on localhost or a local-network host. An attacker-originating website can trigger a DNS rebinding to bypass same-origi...

8.8CVSS8.3AI score0.09916EPSS
cve
cve
added 2018/11/28 5:0 p.m.227 views

CVE-2018-12122

CVE-2018-12122 affects Node.js versions before 6.15.0, 8.14.0, 10.14.0 and 11.3.0. It enables a Slowloris-style DoS by sending HTTP/HTTPS headers very slowly, keeping connections alive and consuming resources. A 40-second headersTimeout patch (adjustable via server.headersTimeout) helps defend, a...

7.5CVSS7.3AI score0.41288EPSS
cve
cve
added 2018/11/28 5:0 p.m.223 views

CVE-2018-12123

CVE-2018-12123 concerns Node.js: hostname spoofing in the URL parser for the javascript protocol when using url.parse(). Affected are Node.js versions prior to 6.15.0, 8.14.0, 10.14.0 and 11.3.0. The issue allows a mixed-case javascript: URL to spoof the hostname, potentially causing security dec...

4.3CVSS5.7AI score0.0405EPSS
cve
cve
added 2018/05/08 3:0 p.m.200 views

CVE-2018-1000168

CVE-2018-1000168 affects nghttp2 versions 1.10.0 through 1.31.0, where an improper input validation in ALTSVC frame handling can cause a segmentation fault and denial of service. The vulnerability is exploitable via network clients. Public advisories confirm the issue is fixed in nghttp2 >= 1....

7.5CVSS6.4AI score0.10649EPSS
cve
cve
added 2018/11/28 5:0 p.m.173 views

CVE-2018-12120

CVE-2018-12120 affects Node.js: prior to 6.15.0, the debugger port 5858 listened on all interfaces by default, enabling potential remote attachment to evaluate JavaScript. The default was changed to localhost, and Node.js 8+ removed the debugger, replacing it with the inspector, so versions 8 and...

8.1CVSS7.8AI score0.04277EPSS