Vulnerabilities > Joyent
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-26 | CVE-2020-27678 | Classic Buffer Overflow vulnerability in multiple products An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. | 7.5 |
| 2020-08-30 | CVE-2020-7712 | OS Command Injection vulnerability in Joyent Json This affects the package json before 10.0.0. | 6.5 |
| 2018-11-28 | CVE-2018-12122 | Resource Exhaustion vulnerability in multiple products Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time. | 5.0 |
| 2018-11-28 | CVE-2018-12121 | Resource Exhaustion vulnerability in multiple products Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. | 5.0 |
| 2018-11-28 | CVE-2018-12116 | Http Request Smuggling vulnerability in multiple products Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server. | 5.0 |
| 2018-09-07 | CVE-2016-9040 | Resource Exhaustion vulnerability in Joyent Smartos 20161110T013148Z An exploitable denial of service exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. | 4.9 |
| 2018-06-07 | CVE-2018-3737 | Incorrect Regular Expression vulnerability in Joyent Sshpk 1.13.1 sshpk is vulnerable to ReDoS when parsing crafted invalid public keys. | 5.0 |
| 2018-06-04 | CVE-2017-16005 | Improper Verification of Cryptographic Signature vulnerability in Joyent Http-Signature Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". | 5.0 |
| 2018-03-19 | CVE-2018-1171 | Out-Of-Bounds Write vulnerability in multiple products This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. | 6.9 |
| 2018-02-21 | CVE-2018-1166 | Improper Input Validation vulnerability in Joyent Smartos 20170803 This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. | 7.2 |