14.5.0

DATE	CVE	VULNERABILITY TITLE	RISK
2021-03-25	CVE-2021-3450	Improper Certificate Validation vulnerability in multiple products The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. network high complexity openssl freebsd netapp windriver fedoraproject tenable oracle mcafee sonicwall nodejs CWE-295	7.4
2021-03-25	CVE-2021-3449	NULL Pointer Dereference vulnerability in multiple products An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. network high complexity openssl debian freebsd netapp tenable fedoraproject mcafee checkpoint oracle sonicwall siemens nodejs CWE-476	5.9
2021-03-03	CVE-2021-22884	Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. network high complexity nodejs fedoraproject netapp oracle siemens	7.5
2021-03-03	CVE-2021-22883	Missing Release of Resource after Effective Lifetime vulnerability in multiple products Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. network low complexity nodejs fedoraproject netapp oracle siemens CWE-772	7.5
2021-02-16	CVE-2021-23840	Integer Overflow or Wraparound vulnerability in multiple products Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. network low complexity openssl debian tenable oracle mcafee fujitsu nodejs CWE-190	7.5
2021-01-06	CVE-2020-8287	HTTP Request Smuggling vulnerability in multiple products Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). network low complexity nodejs debian fedoraproject oracle siemens CWE-444	6.5
2021-01-06	CVE-2020-8265	Use After Free vulnerability in multiple products Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. network high complexity nodejs debian fedoraproject oracle siemens CWE-416	8.1
2020-12-08	CVE-2020-1971	NULL Pointer Dereference vulnerability in multiple products The X.509 GeneralName type is a generic type for representing different types of names. network high complexity openssl debian fedoraproject oracle netapp tenable siemens nodejs CWE-476	5.9
2020-09-18	CVE-2020-8252	Classic Buffer Overflow vulnerability in multiple products The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes. local low complexity nodejs opensuse fedoraproject CWE-120	7.8
2020-09-18	CVE-2020-8251	Resource Exhaustion vulnerability in multiple products Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections. network low complexity nodejs fedoraproject CWE-400	7.5