4309 matches found

RedHat Linux
added 2021/02/16 2:28 p.m. | 2 views

nodejs: use-after-free in the TLS implementation

A flaw was found in nodejs. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResu...

CVSS 8.1 | AI score 7.2 | EPSS 0.00755
Exploits: 1 | References: 5
RedHat Linux
added 2021/02/16 2:28 p.m. | 1 view

nodejs-y18n: prototype pollution vulnerability

A flaw was found in nodejs-y18n. There is a prototype pollution vulnerability in y18n's locale functionality. If an attacker is able to provide untrusted input via locale, they may be able to cause denial of service or in rare circumstances, impact to data integrity or confidentiality...

CVSS 9.8 | AI score 7 | EPSS 0.00469
Exploits: 1 | References: 5
RedHat Linux
added 2021/02/16 2:25 p.m. | 4 views

nodejs-ini: Prototype pollution via malicious INI file

A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

CVSS 9.8 | AI score 7.3 | EPSS 0.00291
Exploits: 1 | References: 4
RedHat Linux
added 2021/02/16 2:25 p.m. | 4 views

nodejs-set-value: prototype pollution in function set-value

A flaw was found in nodejs-set-value. The function mixin-deep can be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or proto payloads. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS 9.8 | AI score 7.2 | EPSS 0.00503
Exploits: 1 | References: 4
RedHat Linux
added 2021/02/16 2:25 p.m. | 2 views

nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...

CVSS 7.5 | AI score 7.4 | EPSS 0.01798
Exploits: 1 | References: 5
RedHat Linux
added 2021/02/16 2:25 p.m. | 2 views

nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function

A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code...

CVSS 6.8 | AI score 7.5 | EPSS 0.00331
Exploits: 0 | References: 5
RedHat Linux
added 2021/02/16 2:25 p.m. | 0 views

nodejs-ini: Prototype pollution via malicious INI file

A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

CVSS 9.8 | AI score 7.3 | EPSS 0.00291
Exploits: 1 | References: 4
RedHat Linux
added 2021/02/16 2:25 p.m. | 0 views

nodejs-dot-prop: prototype pollution

A prototype pollution flaw was found in nodejs-dot-prop. The function set could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or proto paths. The highest threat from this vulnerability is to data confidentiality and integrity as well a...

CVSS 7.5 | AI score 7.2 | EPSS 0.00764
Exploits: 1 | References: 5
RedHat Linux
added 2021/02/16 2:25 p.m. | 1 view

nodejs: HTTP request smuggling via two copies of a header field in an http request

A flaw was found in nodejs. Affected versions of Node.js allow two copies of a header field in an HTTP request. The first header field is recognized while the second is ignored leading to HTTP request smuggling. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS 6.5 | AI score 7.3 | EPSS 0.11865
Exploits: 2 | References: 4
RedHat Linux
added 2021/02/16 2:25 p.m. | 0 views

nodejs-y18n: prototype pollution vulnerability

A flaw was found in nodejs-y18n. There is a prototype pollution vulnerability in y18n's locale functionality. If an attacker is able to provide untrusted input via locale, they may be able to cause denial of service or in rare circumstances, impact to data integrity or confidentiality...

CVSS 9.8 | AI score 7 | EPSS 0.00469
Exploits: 1 | References: 5
RedHat Linux
added 2021/02/16 2:25 p.m. | 1 view

nodejs: use-after-free in the TLS implementation

A flaw was found in nodejs. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResu...

CVSS 8.1 | AI score 7.2 | EPSS 0.00755
Exploits: 1 | References: 5
Tenable Nessus
added 2021/02/16 12:0 a.m. | 57 views

RHEL 8 : nodejs:10 (RHSA-2021:0548)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0548 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

CVSS 9.8 | AI score 7.4 | EPSS 0.11865
Exploits: 8 | References: 23
Tenable Nessus
added 2021/02/16 12:0 a.m. | 50 views

CentOS 8 : nodejs:14 (CESA-2021:0551)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:0551 advisory. - nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function CVE-2020-15366 - nodejs-npm-user-validate: improper input validation...

CVSS 9.8 | AI score 7 | EPSS 0.58883
Exploits: 6 | References: 8
Tenable Nessus
added 2021/02/16 12:0 a.m. | 48 views

RHEL 8 : nodejs:14 (RHSA-2021:0551)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0551 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

CVSS 9.8 | AI score 7.1 | EPSS 0.58883
Exploits: 6 | References: 17
RedhatCVE
added 2021/02/15 9:48 p.m. | 36 views

CVE-2020-28500

A flaw was found in nodejs-lodash. A Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions is possible...

CVSS 5.3 | AI score 3.4 | EPSS 0.00245
Exploits: 1 | References: 4
RedhatCVE
added 2021/02/15 9:45 p.m. | 97 views

CVE-2021-23337

A flaw was found in nodejs-lodash. A command injection flaw is possible through template variables...

CVSS 7.2 | AI score 3.4 | EPSS 0.04314
Exploits: 2 | References: 4
RedHat Linux
added 2021/02/15 6:28 p.m. | 0 views

nodejs-ini: Prototype pollution via malicious INI file

A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

CVSS 9.8 | AI score 7.3 | EPSS 0.00291
Exploits: 1 | References: 4
RedHat Linux
added 2021/02/15 6:28 p.m. | 0 views

nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function

A flaw was found in nodejs-ajv. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code...

CVSS 6.8 | AI score 7.5 | EPSS 0.00331
Exploits: 0 | References: 5
RedHat Linux
added 2021/02/15 6:28 p.m. | 0 views

nodejs: use-after-free in the TLS implementation

A flaw was found in nodejs. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResu...

CVSS 8.1 | AI score 7.2 | EPSS 0.00755
Exploits: 1 | References: 5
RedHat Linux
added 2021/02/15 6:28 p.m. | 0 views

nodejs-y18n: prototype pollution vulnerability

A flaw was found in nodejs-y18n. There is a prototype pollution vulnerability in y18n's locale functionality. If an attacker is able to provide untrusted input via locale, they may be able to cause denial of service or in rare circumstances, impact to data integrity or confidentiality...

CVSS 9.8 | AI score 7 | EPSS 0.00469
Exploits: 1 | References: 5