Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

AstraLinux
AstraLinuxadded 2026/05/20 5:53 a.m.4 views

Astra Linux - уязвимость в libuv1

Node.js versions prior to 16.4.1, 14.17.2, and 12.22.2 are vulnerable to an out-of-bounds read when the uvidnatoascii function is used to convert strings to ASCII. The pointer p is read and incremented without checking whether it lies beyond pe, where pe holds a pointer to the end of the buffer...

5.3CVSS6.6AI score0.00718EPSS
Exploits1References2
Tenable Nessus
Tenable Nessusadded 2026/05/11 12:0 a.m.4 views

Unity Linux 20.1060e / 20.1070e Security Update: nodejs (UTSA-2026-017558)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017558 advisory. Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer p is read and...

5.3CVSS7.2AI score0.00718EPSS
Exploits1References4
RedHat Linux
RedHat Linuxadded 2024/07/23 4:39 p.m.3 views

libuv: Improper Domain Lookup that potentially leads to SSRF attacks

A server-side request forgery SSRF flaw was found in the libuv package due to how the hostnameascii variable is handled in uvgetaddrinfo and uvidnatoascii. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result, attackers may be able to access...

7.3CVSS7.2AI score0.002EPSS
Exploits1References6
OSV
OSVadded 2024/02/07 10:15 p.m.4 views

AZL-35051 CVE-2024-24806 affecting package nodejs for versions less than 20.14.0-1

libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its windows counterpart src/win/getaddrinfo.c, truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be exploited to create addresses...

7.3CVSS6.8AI score0.002EPSS
Exploits1References1
SUSE CVE
SUSE CVEadded 2023/02/15 3:45 a.m.1 views

SUSE CVE-2021-22918

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...

5.3CVSS7.8AI score0.00718EPSS
Exploits1References15
OSV
OSVadded 2021/07/12 11:15 a.m.1 views

DEBIAN-CVE-2021-22918

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...

5.3CVSS6.5AI score0.00718EPSS
Exploits1References1
OSV
OSVadded 2021/07/02 12:0 a.m.1 views

UBUNTU-CVE-2021-22918

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...

5.3CVSS6.8AI score0.00718EPSS
Exploits1References4
Rows per page
Query Builder