Vulnerabilities > Nodejs > Node JS > 10.1.0

DATE CVE VULNERABILITY TITLE RISK
2018-11-15 CVE-2018-5407 Information Exposure Through Discrepancy vulnerability in multiple products
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. 		4.7
4.7
2018-10-30 CVE-2018-0734 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack.
network
high complexity
openssl canonical debian nodejs netapp oracle CWE-327
5.9
5.9
2018-10-29 CVE-2018-0735 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack.
network
high complexity
openssl canonical debian nodejs netapp oracle CWE-327
5.9
5.9
2018-08-21 CVE-2018-7166 Use of Uninitialized Resource vulnerability in Nodejs Node.Js
In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory.
network
low complexity
nodejs CWE-908
7.5
7.5
2018-08-21 CVE-2018-12115 Out-of-bounds Write vulnerability in multiple products
In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`.
network
low complexity
nodejs redhat CWE-787
7.5
7.5
2018-06-13 CVE-2018-7164 Resource Exhaustion vulnerability in Nodejs Node.Js
Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM.
network
low complexity
nodejs CWE-400
7.5
7.5
2018-06-13 CVE-2018-7162 Improper Input Validation vulnerability in Nodejs Node.Js
All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH.
network
low complexity
nodejs CWE-20
7.5
7.5
2018-06-13 CVE-2018-7161 Improper Input Validation vulnerability in Nodejs Node.Js
All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH.
network
low complexity
nodejs CWE-20
7.5
7.5
2018-06-12 CVE-2018-0732 Key Management Errors vulnerability in multiple products
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client.
network
low complexity
openssl debian canonical nodejs CWE-320
7.5
7.5
2018-05-08 CVE-2018-1000168 NULL Pointer Dereference vulnerability in multiple products
nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service.
network
low complexity
nghttp2 nodejs debian CWE-476
7.5
7.5