Max CVSS | 7.8 | Min CVSS | 5.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2018-7167 | 5.0 |
Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero
|
29-08-2022 - 20:24 | 13-06-2018 - 16:29 | |
CVE-2018-7160 | 6.8 |
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer w
|
16-08-2022 - 13:01 | 17-05-2018 - 14:29 | |
CVE-2018-7161 | 7.8 |
All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 se
|
16-08-2022 - 13:00 | 13-06-2018 - 16:29 | |
CVE-2018-12115 | 5.0 |
In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a
|
20-03-2020 - 21:15 | 21-08-2018 - 12:29 | |
CVE-2018-7159 | 5.0 |
The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Conte
|
13-02-2020 - 15:55 | 17-05-2018 - 14:29 |