Vulnerabilities > Nodejs > Node JS > 14.0.0

DATE CVE VULNERABILITY TITLE RISK
2023-02-23 CVE-2023-23918 Incorrect Authorization vulnerability in Nodejs Node.Js
A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require().
network
low complexity
nodejs CWE-863
7.5
7.5
2023-02-23 CVE-2023-23919 Unspecified vulnerability in Nodejs Node.Js
A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it.
network
low complexity
nodejs
7.5
7.5
2023-02-23 CVE-2023-23920 Untrusted Search Path vulnerability in multiple products
An untrusted search path vulnerability exists in Node.js.
local
low complexity
nodejs debian CWE-426
4.2
4.2
2022-02-24 CVE-2021-44531 Improper Certificate Validation vulnerability in multiple products
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates.
network
high complexity
nodejs oracle CWE-295
7.4
7.4
2022-02-24 CVE-2021-44532 Improper Certificate Validation vulnerability in multiple products
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format.
network
low complexity
nodejs oracle debian CWE-295
5.3
5.3
2022-02-24 CVE-2021-44533 Improper Certificate Validation vulnerability in multiple products
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly.
network
low complexity
nodejs oracle debian CWE-295
5.3
5.3
2022-02-24 CVE-2022-21824 Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__".
network
low complexity
nodejs oracle debian netapp
8.2
8.2
2021-10-07 CVE-2021-22930 Use After Free vulnerability in multiple products
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
network
low complexity
nodejs netapp siemens debian CWE-416
critical
 9.8
9.8
2021-08-16 CVE-2021-22939 Improper Certificate Validation vulnerability in multiple products
If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.
network
low complexity
nodejs oracle netapp siemens debian CWE-295
5.3
5.3
2021-08-16 CVE-2021-22940 Use After Free vulnerability in multiple products
Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
network
low complexity
nodejs oracle netapp siemens debian CWE-416
7.5
7.5