77 matches found

OSV
added 2020/03/08 10:37 p.m. · 11 views

MGASA-2020-0131 Updated http-parser packages fix security vulnerability

http-parser has been updated to fix a security issue. HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed (CVE-2019-15605)...

9.8 CVSS · 9.4 AI score · 0.57132 EPSS
Exploits 0 · References 3

Positive Technologies
added 2020/02/07 12:0 a.m. · 11 views

PT-2020-9728 · Node.Js +8

Name of the Vulnerable Software and Affected Versions: Node.js versions 10 through 13
Description: The issue is related to improper certificate validation, which can cause the process to abort when a crafted X.509 certificate is sent.
Recommendations: For Node.js versions 10 through 13, update to...

9.8 CVSS · 8.3 AI score · 0.87806 EPSS
Exploits 7 · References 156

Positive Technologies
added 2020/01/24 12:0 a.m. · 15 views

PT-2020-5852 · Node.Js +8

Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 10.24.0; Node.js versions prior to 12.21.0; Node.js versions prior to 14.16.0; Node.js versions prior to 15.10.0
Description: The issue is related to the incorrect handling of a large number of connection attempts with ...

9.8 CVSS · 6.4 AI score · 0.77385 EPSS
Exploits 30 · References 254

RedHat Linux
added 2019/10/01 10:3 a.m. · 2 views

nodejs: Denial of Service with large HTTP headers

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP...

7.5 CVSS · 6.7 AI score · 0.10207 EPSS
Exploits 0 · References 4

OSV
added 2018/11/28 5:29 p.m. · 4 views

DEBIAN-CVE-2018-12120

Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with node --debug or node debug, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate...

8.1 CVSS · 7 AI score · 0.04277 EPSS
Exploits 0 · References 1

OSV
added 2018/11/28 5:29 p.m. · 1 views

DEBIAN-CVE-2018-12122

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly, keeping HTTP or HTTPS connections and associated resources alive for a long period of time...

7.5 CVSS · 7.1 AI score · 0.41288 EPSS
Exploits 0 · References 1

OSV
added 2018/08/21 12:29 p.m. · 1 views

DEBIAN-CVE-2018-12115

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0, when used with UCS-2 encoding (recognized by Node.js under the names 'ucs2', 'ucs-2', 'utf16le' and 'utf-16le'), Buffer#write() can be abused to write outside of the bounds of a single Buffer. Writes that start from the second-to-last...

7.5 CVSS · 9.2 AI score · 0.08028 EPSS
Exploits 0 · References 1

OSV
added 2018/07/27 5:6 p.m. · 1 views

GHSA-WM77-Q74P-5763 Path Traversal in superstatic

Affected versions of superstatic are vulnerable to path traversal when used on Windows. Additionally, it is vulnerable to path traversal on other platforms combined with certain Node.js versions which erroneously normalize \ to / in paths on all platforms (a known example being Node.js v9.9.0)...

5.9 AI score
Exploits 0 · References 4

OpenVAS
added 2018/07/10 12:0 a.m. · 38 views

Node.js Denial-of-Service Vulnerability - 02 - Mac OS X

Node.js is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js";...

7.5 CVSS · 6.5 AI score · 0.10782 EPSS
Exploits 0 · References 1

Cvelist
added 2018/06/13 4:0 p.m. · 33 views

CVE-2018-7167

Calling Buffer.fill or Buffer.alloc with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc and Buffer.fill were updated so that they zero fill instead of hanging in these cases. All versions of...

7.5 AI score · 0.07214 EPSS
Exploits 0 · References 3

Positive Technologies
added 2018/05/25 12:0 a.m. · 4 views

PT-2018-11027 · Node.Js +2

Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 6.15.0
Description: The issue allows remote computers to attach to the debug port and evaluate arbitrary JavaScript when the debugger is enabled with node --debug or node debug, as it listens on all interfaces by...

8.1 CVSS · 6.6 AI score · 0.41288 EPSS
Exploits 4 · References 67

Positive Technologies
added 2018/05/09 12:0 a.m. · 6 views

PT-2018-17921 · Node.Js +3

Name of the Vulnerable Software and Affected Versions: Node.js versions 6.x and later
Description: The issue allows for a DNS rebinding attack, potentially leading to remote code execution. This can be exploited by malicious websites open in a web browser on the same computer or another computer...

9.8 CVSS · 7.3 AI score · 0.95707 EPSS
Exploits 51 · References 562

Hacker One
added 2018/02/27 4:40 a.m. · 29 views

Node.js third-party modules: `concat-with-sourcemaps` allocates uninitialized Buffers when number is passed as a separator

I would like to report an uninitialized Buffer allocation issue in concat-with-sourcemaps. It allows to extract sensitive data from uninitialized memory or to cause a DoS by passing in a large number, in unlikely setups where separator is attacker-controlled. Module module name:...

0.8 AI score
Exploits 0

OSV
added 2017/10/10 4:29 p.m. · 2 views

UBUNTU-CVE-2015-7384

Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service...

7.5 CVSS · 7.2 AI score · 0.08043 EPSS
Exploits 0 · References 3

OSV
added 2017/10/10 4:29 p.m. · 1 views

DEBIAN-CVE-2015-7384

Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service...

7.5 CVSS · 8.9 AI score · 0.08043 EPSS
Exploits 0 · References 1

OSV
added 2016/07/02 2:59 p.m. · 9 views

CVE-2016-3956

The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers...

7.5 CVSS · 7.3 AI score
Exploits 0 · References 6

OSV
added 2016/04/07 9:59 p.m. · 3 views

UBUNTU-CVE-2016-2086

Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header...

7.5 CVSS · 7.2 AI score · 0.06257 EPSS
Exploits 0 · References 4