Vulnerabilities > Nodejs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-12 | CVE-2021-22918 | Out-Of-Bounds Read vulnerability in Nodejs Node.Js Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. | 5.0 |
| 2021-07-12 | CVE-2021-22921 | Incorrect Permission Assignment for Critical Resource vulnerability in Nodejs Node.Js Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. | 4.4 |
| 2021-03-03 | CVE-2021-22884 | Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. | 5.1 |
| 2021-03-03 | CVE-2021-22883 | Resource Exhaustion vulnerability in multiple products Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. | 7.8 |
| 2021-01-06 | CVE-2020-8287 | Http Request Smuggling vulnerability in multiple products Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). | 6.4 |
| 2021-01-06 | CVE-2020-8265 | USE After Free vulnerability in multiple products Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. | 6.8 |
| 2020-12-03 | CVE-2018-21270 | Out-Of-Bounds Read vulnerability in Nodejs Node.Js Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x). | 5.8 |
| 2020-11-19 | CVE-2020-8277 | Resource Exhaustion vulnerability in multiple products A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. | 5.0 |
| 2020-09-18 | CVE-2020-8252 | Classic Buffer Overflow vulnerability in multiple products The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes. | 4.6 |
| 2020-09-18 | CVE-2020-8251 | Resource Exhaustion vulnerability in Nodejs Node.Js Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections. | 5.0 |