Vulnerabilities > Nodejs > Node JS > 8.2.0

DATE CVE VULNERABILITY TITLE RISK
2018-08-21 CVE-2018-12115 Out-of-bounds Write vulnerability in multiple products
In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`.
network
low complexity
nodejs redhat CWE-787
7.5
7.5
2018-06-13 CVE-2018-7161 Improper Input Validation vulnerability in Nodejs Node.Js
All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH.
network
low complexity
nodejs CWE-20
7.5
7.5
2018-06-12 CVE-2018-0732 Key Management Errors vulnerability in multiple products
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client.
network
low complexity
openssl debian canonical nodejs CWE-320
7.5
7.5
2018-05-17 CVE-2018-7160 Authentication Bypass by Spoofing vulnerability in Nodejs Node.Js
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution.
network
low complexity
nodejs CWE-290
8.8
8.8
2018-05-17 CVE-2018-7159 Improper Input Validation vulnerability in Nodejs Node.Js
The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`.
network
low complexity
nodejs CWE-20
5.3
5.3
2017-12-11 CVE-2017-15897 Improper Initialization vulnerability in Nodejs Node.Js
Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified.
network
high complexity
nodejs CWE-665
3.1
3.1
2017-12-11 CVE-2017-15896 Unspecified vulnerability in Nodejs Node.Js
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure.
network
low complexity
nodejs
critical
 9.1
9.1
2017-12-07 CVE-2017-3738 Information Exposure vulnerability in multiple products
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli.
network
high complexity
openssl debian nodejs CWE-200
5.9
5.9
2017-10-30 CVE-2017-14919 Improper Input Validation vulnerability in Nodejs Node.Js
Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.
network
low complexity
nodejs CWE-20
7.5
7.5