Vulnerabilities > Joyent

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2020-10-26 | CVE-2020-27678 | Classic Buffer Overflow vulnerability in multiple products | An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. | network | low | illumos, joyent, omniosce | CWE-120 | 7.5 |
| 2020-08-30 | CVE-2020-7712 | OS Command Injection vulnerability in Joyent Json | This affects the package json before 10.0.0. | network | low | joyent | CWE-78 | 6.5 |
| 2018-11-28 | CVE-2018-12122 | Resource Exhaustion vulnerability in multiple products | Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time. | network | low | joyent, nodejs, suse | CWE-400 | 5.0 |
| 2018-11-28 | CVE-2018-12121 | Resource Exhaustion vulnerability in multiple products | Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. | network | low | joyent, nodejs | CWE-400 | 5.0 |
| 2018-11-28 | CVE-2018-12116 | Http Request Smuggling vulnerability in multiple products | Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to be made to the same server. | network | low | joyent, nodejs, suse | CWE-444 | 5.0 |
| 2018-09-07 | CVE-2016-9040 | Resource Exhaustion vulnerability in Joyent Smartos 20161110T013148Z | An exploitable denial of service exists in the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. | local | low | joyent | CWE-400 | 4.9 |
| 2018-06-07 | CVE-2018-3737 | Incorrect Regular Expression vulnerability in Joyent Sshpk 1.13.1 | sshpk is vulnerable to ReDoS when parsing crafted invalid public keys. | network | low | joyent | CWE-185 | 5.0 |
| 2018-06-04 | CVE-2017-16005 | Improper Verification of Cryptographic Signature vulnerability in Joyent Http-Signature | Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". | network | low | joyent | CWE-347 | 5.0 |
| 2018-03-19 | CVE-2018-1171 | Out-Of-Bounds Write vulnerability in multiple products | This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. | | | | | 6.9 |
| 2018-02-21 | CVE-2018-1166 | Improper Input Validation vulnerability in Joyent Smartos 20170803 | This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. | local | low | joyent | CWE-20 | 7.2 |