Vulnerabilities > Nodejs > Node JS > High

DATE CVE VULNERABILITY TITLE RISK
2020-09-18 CVE-2020-8252 Classic Buffer Overflow vulnerability in multiple products
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.
local
low complexity
nodejs opensuse fedoraproject CWE-120
7.8
2020-09-18 CVE-2020-8251 Resource Exhaustion vulnerability in multiple products
Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections.
network
low complexity
nodejs fedoraproject CWE-400
7.5
2020-09-18 CVE-2020-8201 HTTP Request Smuggling vulnerability in multiple products
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users.
network
high complexity
nodejs opensuse fedoraproject CWE-444
7.4
2020-06-03 CVE-2020-11080 Improper Enforcement of Message or Data Structure vulnerability in multiple products
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service.
7.5
2020-03-12 CVE-2020-10531 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1.
8.8
2020-02-11 CVE-2014-9748 Race Condition vulnerability in multiple products
The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition.
network
high complexity
libuv nodejs CWE-362
8.1
2020-02-07 CVE-2019-15604 Improper Certificate Validation vulnerability in multiple products
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate
network
low complexity
nodejs debian opensuse redhat oracle CWE-295
7.5
2019-08-13 CVE-2019-9518 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service.
7.5
2019-08-13 CVE-2019-9517 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service.
7.5
2019-08-13 CVE-2019-9515 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service.
7.5