Filtered by vendor Nodejs
Subscriptions
Filtered by product Node.js
Subscriptions
Total
160 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-14919 | 1 Nodejs | 1 Node.js | 2025-04-20 | N/A |
| Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter. | ||||
| CVE-2013-7454 | 1 Nodejs | 1 Node.js | 2025-04-20 | N/A |
| The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings. | ||||
| CVE-2014-3744 | 1 Nodejs | 1 Node.js | 2025-04-20 | N/A |
| Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path. | ||||
| CVE-2017-14849 | 1 Nodejs | 1 Node.js | 2025-04-20 | N/A |
| Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules. | ||||
| CVE-2014-9772 | 1 Nodejs | 1 Node.js | 2025-04-20 | N/A |
| The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters. | ||||
| CVE-2015-2927 | 3 Debian, Nodejs, Uronode | 3 Debian Linux, Node.js, Uro Node | 2025-04-20 | N/A |
| node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption). | ||||
| CVE-2017-1000381 | 4 C-ares, C-ares Project, Nodejs and 1 more | 4 C-ares, C-ares, Node.js and 1 more | 2025-04-20 | 7.5 High |
| The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. | ||||
| CVE-2016-6303 | 2 Nodejs, Openssl | 2 Node.js, Openssl | 2025-04-12 | 9.8 Critical |
| Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. | ||||
| CVE-2014-7191 | 2 Nodejs, Redhat | 2 Node.js, Rhel Software Collections | 2025-04-12 | N/A |
| The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array. | ||||
| CVE-2016-3956 | 3 Ibm, Nodejs, Npmjs | 3 Sdk, Node.js, Npm | 2025-04-12 | 7.5 High |
| The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers. | ||||
| CVE-2016-0702 | 5 Canonical, Debian, Nodejs and 2 more | 6 Ubuntu Linux, Debian Linux, Node.js and 3 more | 2025-04-12 | 5.1 Medium |
| The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. | ||||
| CVE-2016-7052 | 3 Nodejs, Novell, Openssl | 3 Node.js, Suse Linux Enterprise Module For Web Scripting, Openssl | 2025-04-12 | 7.5 High |
| crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. | ||||
| CVE-2016-2183 | 6 Cisco, Nodejs, Openssl and 3 more | 14 Content Security Management Appliance, Node.js, Openssl and 11 more | 2025-04-12 | 7.5 High |
| The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. | ||||
| CVE-2016-5172 | 4 Debian, Google, Nodejs and 1 more | 4 Debian Linux, Chrome, Node.js and 1 more | 2025-04-12 | 6.5 Medium |
| The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code. | ||||
| CVE-2016-2086 | 2 Fedoraproject, Nodejs | 2 Fedora, Node.js | 2025-04-12 | N/A |
| Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. | ||||
| CVE-2016-2178 | 7 Canonical, Debian, Nodejs and 4 more | 10 Ubuntu Linux, Debian Linux, Node.js and 7 more | 2025-04-12 | 5.5 Medium |
| The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. | ||||
| CVE-2015-3193 | 3 Canonical, Nodejs, Openssl | 3 Ubuntu Linux, Node.js, Openssl | 2025-04-12 | 7.5 High |
| The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite. | ||||
| CVE-2015-8027 | 1 Nodejs | 1 Node.js | 2025-04-12 | N/A |
| Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request. | ||||
| CVE-2016-6304 | 4 Nodejs, Novell, Openssl and 1 more | 11 Node.js, Suse Linux Enterprise Module For Web Scripting, Openssl and 8 more | 2025-04-12 | 7.5 High |
| Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. | ||||
| CVE-2013-6668 | 4 Debian, Google, Nodejs and 1 more | 7 Debian Linux, Chrome, V8 and 4 more | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||||