Vulnerabilities > Nodejs > Node JS > 8.11.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-08-21 | CVE-2018-12115 | Out-of-bounds Write vulnerability in multiple products In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. | 7.5 |
2018-06-13 | CVE-2018-7167 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nodejs Node.Js Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. | 7.5 |
2018-06-13 | CVE-2018-7161 | Improper Input Validation vulnerability in Nodejs Node.Js All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. | 7.5 |
2018-06-12 | CVE-2018-0732 | Key Management Errors vulnerability in multiple products During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. | 7.5 |
2018-05-08 | CVE-2018-1000168 | NULL Pointer Dereference vulnerability in multiple products nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. | 7.5 |