Vulnerabilities > Nodejs > High

DATE CVE VULNERABILITY TITLE RISK
2018-11-28 CVE-2018-12122 Resource Exhaustion vulnerability in multiple products
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.
network
low complexity
nodejs suse CWE-400
7.5
2018-11-28 CVE-2018-12121 Resource Exhaustion vulnerability in multiple products
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure.
network
low complexity
nodejs redhat CWE-400
7.5
2018-11-28 CVE-2018-12120 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Nodejs Node.Js
Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default.
network
high complexity
nodejs CWE-829
8.1
2018-11-28 CVE-2018-12116 Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.
network
low complexity
nodejs suse
7.5
2018-08-21 CVE-2018-7166 Use of Uninitialized Resource vulnerability in Nodejs Node.Js
In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory.
network
low complexity
nodejs CWE-908
7.5
2018-08-21 CVE-2018-12115 Out-of-bounds Write vulnerability in multiple products
In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`.
network
low complexity
nodejs redhat CWE-787
7.5
2018-06-13 CVE-2018-7167 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nodejs Node.Js
Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service.
network
low complexity
nodejs CWE-119
7.5
2018-06-13 CVE-2018-7164 Resource Exhaustion vulnerability in Nodejs Node.Js
Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM.
network
low complexity
nodejs CWE-400
7.5
2018-06-13 CVE-2018-7162 Improper Input Validation vulnerability in Nodejs Node.Js
All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH.
network
low complexity
nodejs CWE-20
7.5
2018-06-13 CVE-2018-7161 Improper Input Validation vulnerability in Nodejs Node.Js
All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH.
network
low complexity
nodejs CWE-20
7.5