Max CVSS | 7.8 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2019-5737 | 5.0 | In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly | 07-03-2024 - 21:36 | 28-03-2019 - 17:29 |
CVE-2019-15605 | 7.5 | HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed | 07-03-2024 - 21:24 | 07-02-2020 - 15:15 |
CVE-2019-15606 | 7.5 | Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons | 07-03-2024 - 21:24 | 07-02-2020 - 15:15 |
CVE-2019-15604 | 5.0 | Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate | 07-03-2024 - 21:24 | 07-02-2020 - 15:15 |
CVE-2018-12122 | 5.0 | Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources ali | 06-09-2022 - 17:57 | 28-11-2018 - 17:29 |
CVE-2018-12123 | 4.3 | Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a m | 06-09-2022 - 17:56 | 28-11-2018 - 17:29 |
CVE-2018-12121 | 5.0 | Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of | 06-09-2022 - 17:54 | 28-11-2018 - 17:29 |
CVE-2018-7167 | 5.0 | Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero | 29-08-2022 - 20:24 | 13-06-2018 - 16:29 |
CVE-2018-12116 | 5.0 | Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a secon | 29-08-2022 - 20:24 | 28-11-2018 - 17:29 |
CVE-2018-7164 | 5.0 | Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker c | 29-08-2022 - 20:21 | 13-06-2018 - 16:29 |
CVE-2018-7161 | 7.8 | All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 se | 16-08-2022 - 13:00 | 13-06-2018 - 16:29 |
CVE-2018-7162 | 7.8 | All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending | 16-08-2022 - 13:00 | 13-06-2018 - 16:29 |
CVE-2019-16777 | 5.5 | Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and cre | 02-08-2022 - 20:45 | 13-12-2019 - 01:15 |
CVE-2019-5739 | 5.0 | Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier | 16-10-2020 - 19:08 | 28-03-2019 - 17:29 |
CVE-2018-12115 | 5.0 | In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a | 20-03-2020 - 21:15 | 21-08-2018 - 12:29 |