Lucene search
+L

159 matches found

RedHat Linux
RedHat Linux
added 2021/09/22 9:6 a.m.9 views

nodejs: Use-after-free on close http2 on stream canceling

A flaw was found in Node.js, where it is vulnerable to a use-after-free attack. This flaw allows an attacker to exploit the memory corruption, which causes a change in the process behavior. The highest threat from this vulnerability is to confidentiality and integrity...

9.8CVSS7.3AI score0.37286EPSS
Exploits0References4
Veracode
Veracode
added 2021/07/30 9:51 a.m.35 views

Denial Of Service (DoS)

nodejs is vulnerable to Denial Of Service DoS. A use-after-free allows an attacker to corrupt memory that would cause an application crash and potentially allow arbitrary code execution...

9.8CVSS8.4AI score0.37286EPSS
Exploits0References13Affected Software3
OSV
OSV
added 2021/07/12 11:15 a.m.2 views

DEBIAN-CVE-2021-22918

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...

5.3CVSS6.5AI score0.23132EPSS
Exploits1References1
OSV
OSV
added 2021/03/03 6:15 p.m.2 views

DEBIAN-CVE-2021-22884

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DN...

7.5CVSS7AI score0.32362EPSS
Exploits1References1
OSV
OSV
added 2021/03/03 6:15 p.m.1 views

DEBIAN-CVE-2021-22883

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unabl...

7.5CVSS6.8AI score0.77385EPSS
Exploits0References1
Veracode
Veracode
added 2021/02/24 5:20 p.m.32 views

Denial Of Service (DoS)

nodejs is vulnerable to denial of serviceDoS attacks. A remote attacker could cause memory exhaustion via too many connection attempts with an 'unknownProtocol' leading to system unavailability...

7.5CVSS3.7AI score0.77385EPSS
Exploits0References17Affected Software4
CNNVD
CNNVD
added 2021/02/23 12:0 a.m.8 views

Nodejs Security Vulnerabilities

nodejs is a JavaScript runtime environment based on the ChromeV8 engine by packaging the Chromev8 engine and the use of event-driven and non-blocking IO applications to make the development of high-performance Javascript background applications possible. A security vulnerability exists in Nodejs,...

7.8CVSS7AI score0.77385EPSS
Exploits1References43
RedHat Linux
RedHat Linux
added 2021/02/16 2:25 p.m.3 views

nodejs: HTTP request smuggling via two copies of a header field in an http request

A flaw was found in nodejs. Affected versions of Node.js allow two copies of a header field in an HTTP request. The first header field is recognized while the second is ignored leading to HTTP request smuggling. The highest threat from this vulnerability is to data confidentiality and integrity...

6.5CVSS7.3AI score0.16296EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2021/02/15 6:28 p.m.2 views

nodejs: use-after-free in the TLS implementation

A flaw was found in nodejs. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResu...

8.1CVSS7.2AI score0.09009EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2020/11/04 12:35 p.m.5 views

nodejs: HTTP request smuggling due to CR-to-Hyphen conversion

A flaw was found in Node.js, where affected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing. This flaw leads to HTTP Request Smuggling as it is a non-standard interpretation of the header. The highest threat from this vulnerability is to...

7.4CVSS7.2AI score0.05093EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/07 5:48 p.m.9 views

nodejs: TLS session reuse can lead to hostname verification bypass

A TLS Hostname verification bypass vulnerability exists in NodeJS. This flaw allows an attacker to bypass TLS Hostname verification when a TLS client reuses HTTPS sessions...

7.4CVSS7.4AI score0.06065EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2020/02/25 1:42 p.m.5 views

nodejs: HTTP header values do not have trailing optional whitespace trimmed

A flaw was found in Node.js where the HTTPs header values were not stripped of trailing whitespace. An attacker can use this flaw to send an HTTPs request which is validated by an upstream proxy server, but not by the Node.js HTTPs server...

9.8CVSS7.1AI score0.20041EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2019/10/01 10:3 a.m.5 views

nodejs: Hostname spoofing in URL parser for javascript protocol

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" e.g. "javAscript:" protoc...

4.3CVSS7.1AI score0.0405EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/08/22 9:15 p.m.8 views

nodejs: Out of bounds (OOB) write via UCS-2 encoding

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding recognized by Node.js under the names 'ucs2', 'ucs-2', 'utf16le' and 'utf-16le', Bufferwrite can be abused to write outside of the bounds of a single Buffer. Writes that start from the second-to-last...

7.5CVSS7.3AI score0.08028EPSS
Exploits0References4
OSV
OSV
added 2018/06/13 4:29 p.m.2 views

DEBIAN-CVE-2018-7164

Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker could use this cause a denial of service by...

7.5CVSS6.7AI score0.06411EPSS
Exploits0References1
OSV
OSV
added 2017/12/11 9:29 p.m.3 views

UBUNTU-CVE-2017-15896

Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSLread due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption...

9.1CVSS6.9AI score0.02385EPSS
Exploits0References3
Cvelist
Cvelist
added 2017/11/17 3:0 a.m.26 views

CVE-2017-1000189

nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile...

7.4AI score0.02267EPSS
Exploits0References2
Elastic
Elastic
added 2017/07/25 4:20 p.m.3 views

Elastic Stack 5.5.1 and Kibana 4.6.5 security update

Kibana Node.js security flaw ESA-2017-14 The version of Node.js shipped in all versions of Kibana prior to 5.5.1 contains a Denial of Service flaw in it's HashTable random seed. This flaw could allow a remote attacker to consume resources within Node.js preventing Kibana from servicing requests...

7.5CVSS7.8AI score0.05478EPSS
Exploits1
CNVD
CNVD
added 2016/11/10 12:0 a.m.9 views

Red Hat OpenShift Container Platform nodejs Denial of Service Vulnerability

Red Hat OpenShift Container Platform is a Red Hat application platform that enables organizations to develop, deploy, and manage existing container-based applications across physical, virtual, and public cloud infrastructures. nodejs is a web application platform built on top of Google's V8...

5.3CVSS7.7AI score0.02356EPSS
Exploits0References1
Rows per page
Query Builder