4403 matches found

Veracode
added 2021/07/30 9:51 a.m., 34 views

Denial Of Service (DoS)

nodejs is vulnerable to Denial of Service (DoS). A use-after-free allows an attacker to corrupt memory that would cause an application crash and potentially allow arbitrary code execution...

9.8 CVSS, 8.4 AI score, 0.37286 EPSS
Exploits 0, References 13, Affected Software 3

RedhatCVE
added 2021/07/29 2:25 p.m., 35 views

CVE-2021-32796

A flaw was found in nodejs-xmldom. The xmldom library is an open-source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. Xmldom does not correctly escape special characters when serializing elements removed from their ancestor. This flaw may lead to...

6.5 CVSS, 2.8 AI score, 0.01347 EPSS
Exploits 0, References 4

RedHat Linux
added 2021/07/28 8:38 a.m., 4 views

nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode

A flaw was found in the ssri package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service (ReDoS). This issue only affects consumers using the strict option. The highest threat from this vulnerability is to availability...

7.5 CVSS, 7.3 AI score, 0.04699 EPSS
Exploits 1, References 4

RedHat Linux
added 2021/07/28 8:36 a.m., 4 views

nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()

A regular expression denial of service vulnerability was found in hosted-git-info. If an application allows user input into the affected regular expression (regexp) function, shortcutMatch or fromUrl, then an attacker could craft a regexp which takes an ever increasing amount of time to process,...

5.3 CVSS, 7.3 AI score, 0.03612 EPSS
Exploits 1, References 4

RedHat Linux
added 2021/07/28 8:36 a.m., 4 views

nodejs-normalize-url: ReDoS for data URLs

A flaw was found in normalize-url. Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data...

7.5 CVSS, 7.3 AI score, 0.01705 EPSS
Exploits 0, References 5

Tenable Nessus
added 2021/07/28 12:00 a.m., 60 views

RHEL 7 : rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2021:2932)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2932 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

7.5 CVSS, 7.2 AI score, 0.23132 EPSS
Exploits 3, References 12

Tenable Nessus
added 2021/07/28 12:00 a.m., 59 views

RHEL 7 : rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon (RHSA-2021:2931)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2931 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

7.5 CVSS, 7.2 AI score, 0.23132 EPSS
Exploits 3, References 12

OSV
added 2021/07/25 2:45 p.m., 8 views

MGASA-2021-0372 Updated nodejs packages fix security vulnerabilities

This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require'y18n'; y18n.setLocale'proto'; y18n.updateLocalepolluted: true; console.logpolluted; // true CVE-2020-7774. The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Servic...

9.8 CVSS, 7.1 AI score, 0.69062 EPSS
Exploits 3, References 10

Mageia
added 2021/07/25 2:45 p.m., 61 views

Updated nodejs packages fix security vulnerabilities

This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require'y18n'; y18n.setLocale'proto'; y18n.updateLocalepolluted: true; console.logpolluted; // true CVE-2020-7774. The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Servic...

9.8 CVSS, 3.9 AI score, 0.69062 EPSS
Exploits 3, References 9

RedHat Linux
added 2021/07/22 3:14 p.m., 3 views

nodejs-ua-parser-js: Regular expression denial of service via the regex

A flaw was found in nodejs-ua-parser-js. The software is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA...

7.5 CVSS, 7.3 AI score, 0.04483 EPSS
Exploits 1, References 5

RedHat Linux
added 2021/07/22 3:14 p.m., 6 views

nodejs-underscore: Arbitrary code execution via the template function

A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

7.2 CVSS, 7.5 AI score, 0.04087 EPSS
Exploits 2, References 4

RedHat Linux
added 2021/07/22 3:14 p.m., 52 views

Moderate: Red Hat Security Advisory: RHV Manager (ovirt-engine) security update [ovirt-4.4.7]

Updated ovirt-engine packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...

7.5 CVSS, 7 AI score, 0.04483 EPSS
Exploits 5, References 27

Tenable Nessus
added 2021/07/22 12:00 a.m., 100 views

RHEL 8 : RHV Manager (ovirt-engine) security update [ovirt-4.4.7] (Moderate) (RHSA-2021:2865)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2865 advisory. The ovirt-engine package provides the manager for virtualization environments. This manager enables admins to define hosts and networks, as...

7.5 CVSS, 7.6 AI score, 0.04483 EPSS
Exploits 5, References 33

BDU FSTEC
added 2021/07/20 12:00 a.m., 4 views

The vulnerability of the uv__idna_toascii() function on the Node.js software platform, which allows a hacker to trigger a service failure or gain unauthorized access to protected information.

The vulnerability of the uv__idna_toascii() function on the Node.js platform is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures or gain unauthorized access to protected information...

8.2 CVSS, 7 AI score, 0.23132 EPSS
Exploits 1, References 12, Affected Software 11

ArchLinux
added 2021/07/20 12:00 a.m., 153 views

[ASA-202107-33] nodejs-lts-erbium: multiple issues

Arch Linux Security Advisory ASA-202107-33 ========================================== Severity: High Date : 2021-07-20 CVE-ID : CVE-2021-22918 CVE-2021-23362 CVE-2021-27290 Package : nodejs-lts-erbium Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2128 Summary =====...

7.5 CVSS, 1 AI score, 0.23132 EPSS
Exploits 3, References 20

OSV
added 2021/07/19 9:03 p.m., 10 views

OPENSUSE-SU-2021:1059-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: - update to 12.22.2: - CVE-2021-22918: Out of bounds read bsc1187973 - CVE-2021-23362: ssri Regular Expression Denial of Service and hosted-git-info bsc1187977 - CVE-2021-27290: Regular Expression Denial of Service bsc1187976 - CVE-2021-3450:...

9.8 CVSS, 6.8 AI score, 0.69062 EPSS
Exploits 8, References 13

OSV
added 2021/07/15 1:19 p.m., 5 views

OPENSUSE-SU-2021:2354-1 Security update for nodejs14

This update for nodejs14 fixes the following issues: Update nodejs14 to 14.17.2. Including fixes for: - CVE-2021-22918: libuv upgrade - Out of bounds read bsc1187973 - CVE-2021-27290: ssri Regular Expression Denial of Service bsc1187976 - CVE-2021-23362: hosted-git-info Regular Expression Denial ...

9.8 CVSS, 7.3 AI score, 0.69062 EPSS
Exploits 4, References 9

OSV
added 2021/07/15 1:18 p.m., 8 views

SUSE-SU-2021:2353-1 Security update for nodejs10

This update for nodejs10 fixes the following issues: Update nodejs10 to 10.24.1. Including fixes for - CVE-2021-22918: libuv upgrade - Out of bounds read bsc1187973 - CVE-2021-27290: ssri Regular Expression Denial of Service bsc1187976 - CVE-2021-23362: hosted-git-info Regular Expression Denial o...

9.8 CVSS, 6.5 AI score, 0.69062 EPSS
Exploits 8, References 14

OSV
added 2021/07/15 1:18 p.m., 7 views

OPENSUSE-SU-2021:2353-1 Security update for nodejs10

This update for nodejs10 fixes the following issues: Update nodejs10 to 10.24.1. Including fixes for - CVE-2021-22918: libuv upgrade - Out of bounds read bsc1187973 - CVE-2021-27290: ssri Regular Expression Denial of Service bsc1187976 - CVE-2021-23362: hosted-git-info Regular Expression Denial o...

9.8 CVSS, 6.8 AI score, 0.69062 EPSS
Exploits 8, References 14

OSV
added 2021/07/14 2:51 p.m., 5 views

SUSE-SU-2021:2319-1 Security update for nodejs14

This update for nodejs14 fixes the following issues: Update nodejs14 to 14.17.2. Including fixes for: - CVE-2021-22918: libuv upgrade - Out of bounds read bsc1187973 - CVE-2021-27290: ssri Regular Expression Denial of Service bsc1187976 - CVE-2021-23362: hosted-git-info Regular Expression Denial ...

9.8 CVSS, 7.3 AI score, 0.69062 EPSS
Exploits 4, References 9