Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

OSV
OSVadded 2024/09/13 2:41 p.m.17 views

RHSA-2017:2672 Red Hat Security Advisory: rh-nodejs6-nodejs-qs security update

Bulletin has no description...

5.3CVSS7.5AI score0.00808EPSS
Exploits0References8
RedhatCVE
RedhatCVEadded 2020/04/04 5:0 a.m.33 views

CVE-2018-12120

Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with node --debug or node debug, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate...

8.1CVSS3.2AI score0.00422EPSS
Exploits0References2
Node JS Blog
Node JS Blogadded 2018/11/28 12:0 a.m.46 views

November 2018 Security Releases

November 2018 Security Releases Update 27-November-2018 Security releases available Summary Updates are now available for all active Node.js release lines. These include fixes for the vulnerabilities identified in the initial announcement below. They also include upgrades of Node.js 6 and 8 to...

8.1CVSS7.6AI score0.05057EPSS
Exploits4
NVD
NVDadded 2018/06/13 4:29 p.m.19 views

CVE-2018-7167

Calling Buffer.fill or Buffer.alloc with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc and Buffer.fill were updated so that they zero fill instead of hanging in these cases. All versions of...

7.5CVSS7.5AI score0.00756EPSS
Exploits0References3
Prion
Prionadded 2018/06/13 4:29 p.m.23 views

Cross site scripting

Calling Buffer.fill or Buffer.alloc with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc and Buffer.fill were updated so that they zero fill instead of hanging in these cases. All versions of...

5CVSS7.3AI score0.00756EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinuxadded 2018/06/13 4:0 p.m.29 views

CVE-2018-7167

Calling Buffer.fill or Buffer.alloc with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc and Buffer.fill were updated so that they zero fill instead of hanging in these cases. All versions of...

7.5CVSS7.6AI score0.00756EPSS
Exploits0
Hacker One
Hacker Oneadded 2018/02/27 4:40 a.m.17 views

Node.js third-party modules: `concat-with-sourcemaps` allocates uninitialized Buffers when number is passed as a separator

I would like to report an uninitialized Buffer allocation issue in concat-with-sourcemaps. It allows to extract sensitive data from uninitialized memory or to cause a DoS by passing in a large number, in unlikely setups where separator is attacker-controlled. Module module name:...

0.8AI score
Exploits0
UbuntuCve
UbuntuCveadded 2016/10/10 4:59 p.m.40 views

CVE-2016-5325

CRLF injection vulnerability in the ServerResponsewriteHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument...

6.1CVSS6.9AI score0.00985EPSS
Exploits0References2
Rows per page
Query Builder