Lucene search
K

4 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2021-44532

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 converts SANs Subject Alternative Names to a string format. It uses this string to check peer certificates against...

5.3CVSS6.3AI score0.10364EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/02/24 7:15 p.m.3 views

CVE-2021-44531

Accepting arbitrary Subject Alternative Name SAN types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use...

7.4CVSS6.7AI score0.08373EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/02/24 7:15 p.m.1 views

DEBIAN-CVE-2021-44532

Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 converts SANs Subject Alternative Names to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used withi...

5.3CVSS6.1AI score0.10364EPSS
Exploits1References1
OSV
OSV
added 2022/02/24 7:15 p.m.10 views

AZL-8818 CVE-2021-44532 affecting package nodejs for versions less than 16.14.0-1

Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 converts SANs Subject Alternative Names to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used withi...

5.3CVSS6.3AI score0.10364EPSS
Exploits1References1
Rows per page
Query Builder