Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Joyent Subscribe
Filtered by product Node.js

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-12121 2 Joyent, Nodejs 2 Node.js, Node.js 2020-03-20 5.0 MEDIUM 7.5 HIGH
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer.
CVE-2018-12122 3 Joyent, Nodejs, Suse 5 Node.js, Node.js, Suse Enterprise Storage and 2 more 2020-03-20 5.0 MEDIUM 7.5 HIGH
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.
CVE-2018-12116 3 Joyent, Nodejs, Suse 5 Node.js, Node.js, Suse Enterprise Storage and 2 more 2020-03-20 5.0 MEDIUM 7.5 HIGH
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.
CVE-2014-6394 3 Apple, Fedoraproject, Joyent 3 Xcode, Fedora, Node.js 2017-09-08 7.5 HIGH N/A
visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.
CVE-2014-7192 1 Joyent 1 Node.js 2017-09-08 10.0 HIGH N/A
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file.