Vulnerabilities > Nodejs > Node JS > 9.9.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-24 | CVE-2021-44531 | Improper Certificate Validation vulnerability in multiple products Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. | 7.4 |
| 2022-02-24 | CVE-2021-44532 | Improper Certificate Validation vulnerability in multiple products Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. | 5.3 |
| 2022-02-24 | CVE-2021-44533 | Improper Certificate Validation vulnerability in multiple products Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. | 5.3 |
| 2020-07-24 | CVE-2020-8174 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0. | 8.1 |
| 2018-06-13 | CVE-2018-7167 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nodejs Node.Js Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. | 7.5 |
| 2018-06-13 | CVE-2018-7164 | Resource Exhaustion vulnerability in Nodejs Node.Js Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. | 7.5 |
| 2018-06-13 | CVE-2018-7162 | Improper Input Validation vulnerability in Nodejs Node.Js All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. | 7.5 |
| 2018-06-13 | CVE-2018-7161 | Improper Input Validation vulnerability in Nodejs Node.Js All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. | 7.5 |
| 2018-05-17 | CVE-2018-7160 | Authentication Bypass by Spoofing vulnerability in Nodejs Node.Js The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. | 8.8 |
| 2018-05-17 | CVE-2018-7159 | Improper Input Validation vulnerability in Nodejs Node.Js The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. | 5.3 |