Vulnerabilities > Nodejs > Node JS > 8.1.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-21 | CVE-2018-12115 | Out-of-bounds Write vulnerability in multiple products In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. | 7.5 |
| 2018-06-13 | CVE-2018-7161 | Improper Input Validation vulnerability in Nodejs Node.Js All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. | 7.5 |
| 2018-06-12 | CVE-2018-0732 | Key Management Errors vulnerability in multiple products During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. | 7.5 |
| 2018-05-17 | CVE-2018-7160 | Authentication Bypass by Spoofing vulnerability in Nodejs Node.Js The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. | 8.8 |
| 2018-05-17 | CVE-2018-7159 | Improper Input Validation vulnerability in Nodejs Node.Js The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. | 5.3 |
| 2017-12-11 | CVE-2017-15897 | Improper Initialization vulnerability in Nodejs Node.Js Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. | 3.1 |
| 2017-12-11 | CVE-2017-15896 | Unspecified vulnerability in Nodejs Node.Js Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. | 9.1 |
| 2017-12-07 | CVE-2017-3738 | Information Exposure vulnerability in multiple products There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. | 5.9 |
| 2017-10-30 | CVE-2017-14919 | Improper Input Validation vulnerability in Nodejs Node.Js Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter. | 7.5 |
| 2017-07-25 | CVE-2017-11499 | Improper Input Validation vulnerability in Nodejs Node.Js Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. | 7.5 |