1.5.1

DATE	CVE	VULNERABILITY TITLE	RISK
2022-02-24	CVE-2021-44531	Improper Certificate Validation vulnerability in multiple products Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. network high complexity nodejs oracle CWE-295	7.4
2022-02-24	CVE-2021-44532	Improper Certificate Validation vulnerability in multiple products Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. network low complexity nodejs oracle debian CWE-295	5.3
2022-02-24	CVE-2021-44533	Improper Certificate Validation vulnerability in multiple products Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. network low complexity nodejs oracle debian CWE-295	5.3
2020-07-24	CVE-2020-8174	Integer Underflow (Wrap or Wraparound) vulnerability in multiple products napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0. network high complexity nodejs oracle netapp CWE-191	8.1
2018-11-15	CVE-2018-5407	Information Exposure Through Discrepancy vulnerability in multiple products Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. local high complexity canonical debian nodejs openssl tenable oracle redhat CWE-203	4.7
2018-08-21	CVE-2018-12115	Out-of-bounds Write vulnerability in multiple products In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. network low complexity nodejs redhat CWE-787	7.5
2017-01-23	CVE-2015-8860	Link Following vulnerability in Nodejs Node.Js The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive. network low complexity nodejs CWE-59	7.5
2017-01-23	CVE-2015-8855	Resource Management Errors vulnerability in Nodejs Node.Js The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." network low complexity nodejs CWE-399	7.5
2017-01-23	CVE-2014-9772	Cross-site Scripting vulnerability in Nodejs Node.Js The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters. network low complexity nodejs CWE-79	6.1