14.15.2

DATE	CVE	VULNERABILITY TITLE	RISK
2021-03-03	CVE-2021-22883	Missing Release of Resource after Effective Lifetime vulnerability in multiple products Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. network low complexity nodejs fedoraproject netapp oracle siemens CWE-772	7.5
2021-01-06	CVE-2020-8287	HTTP Request Smuggling vulnerability in multiple products Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). network low complexity nodejs debian fedoraproject oracle siemens CWE-444	6.5
2021-01-06	CVE-2020-8265	Use After Free vulnerability in multiple products Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. network high complexity nodejs debian fedoraproject oracle siemens CWE-416	8.1
2020-12-08	CVE-2020-1971	NULL Pointer Dereference vulnerability in multiple products The X.509 GeneralName type is a generic type for representing different types of names. network high complexity openssl debian fedoraproject oracle netapp tenable siemens nodejs CWE-476	5.9