Max CVSS | 6.8 | Min CVSS | 1.9 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2018-12120 | 6.8 |
Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote compu
|
06-09-2022 - 18:00 | 28-11-2018 - 17:29 | |
CVE-2018-12122 | 5.0 |
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources ali
|
06-09-2022 - 17:57 | 28-11-2018 - 17:29 | |
CVE-2018-12123 | 4.3 |
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a m
|
06-09-2022 - 17:56 | 28-11-2018 - 17:29 | |
CVE-2018-12121 | 5.0 |
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of
|
06-09-2022 - 17:54 | 28-11-2018 - 17:29 | |
CVE-2018-0735 | 4.3 |
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in Ope
|
29-08-2022 - 20:41 | 29-10-2018 - 13:29 | |
CVE-2018-0734 | 4.3 |
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.
|
29-08-2022 - 20:41 | 30-10-2018 - 12:29 | |
CVE-2018-12116 | 5.0 |
Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a secon
|
29-08-2022 - 20:24 | 28-11-2018 - 17:29 | |
CVE-2018-5407 | 1.9 |
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
|
18-09-2020 - 16:58 | 15-11-2018 - 21:29 |