Node.js@6.0.0 Security Vulnerabilities and Issues — Node.js@6.0.0 CVE List

Lucene search

NodejsNode.js6.0.0

11 matches found

CVE•added 2016/09/01 12:59 a.m.•1641 views

CVE-2016-2183

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted sess...

7.5CVSS6.5AI score0.30847EPSS

In wild

CVE•added 2016/05/05 1:59 a.m.•694 views

CVE-2016-2107

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exi...

5.9CVSS6.9AI score0.78923EPSS

CVE•added 2016/09/26 7:59 p.m.•278 views

CVE-2016-6304

Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.

7.8CVSS7.9AI score0.24314EPSS

CVE•added 2016/09/16 5:59 a.m.•261 views

CVE-2016-6303

Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

9.8CVSS8.6AI score0.3439EPSS

CVE•added 2016/09/26 7:59 p.m.•223 views

CVE-2016-6306

The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.

5.9CVSS7.4AI score0.09045EPSS

CVE•added 2016/05/05 1:59 a.m.•204 views

CVE-2016-2105

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.

7.5CVSS7.7AI score0.62171EPSS

CVE•added 2016/05/14 9:59 p.m.•117 views

CVE-2016-1669

The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impa...

9.3CVSS8.8AI score0.04822EPSS

CVE•added 2016/09/25 8:59 p.m.•107 views

CVE-2016-5172

The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.

6.5CVSS6.1AI score0.01493EPSS

CVE•added 2016/09/26 7:59 p.m.•98 views

CVE-2016-7052

crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.

7.5CVSS8.1AI score0.14806EPSS

CVE•added 2016/10/10 4:59 p.m.•68 views

CVE-2016-5325

CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument.

6.1CVSS6.7AI score0.00327EPSS

CVE•added 2016/10/10 4:59 p.m.•62 views

CVE-2016-7099

The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

5.9CVSS6AI score0.00703EPSS