Vulnerabilities > Nodejs > Node JS > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-13 | CVE-2018-7162 | Improper Input Validation vulnerability in Nodejs Node.Js All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. | 7.5 |
| 2018-06-13 | CVE-2018-7161 | Improper Input Validation vulnerability in Nodejs Node.Js All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. | 7.5 |
| 2018-06-12 | CVE-2018-0732 | Key Management Errors vulnerability in multiple products During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. | 7.5 |
| 2018-05-17 | CVE-2018-7160 | Authentication Bypass by Spoofing vulnerability in Nodejs Node.Js The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. | 8.8 |
| 2018-05-17 | CVE-2018-7158 | Unspecified vulnerability in Nodejs Node.Js The `'path'` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. | 7.5 |
| 2018-05-08 | CVE-2018-1000168 | NULL Pointer Dereference vulnerability in multiple products nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. | 7.5 |
| 2017-10-30 | CVE-2017-14919 | Improper Input Validation vulnerability in Nodejs Node.Js Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter. | 7.5 |
| 2017-10-23 | CVE-2014-3744 | Path Traversal vulnerability in Nodejs Node.Js Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path. | 7.5 |
| 2017-10-10 | CVE-2015-7384 | Resource Exhaustion vulnerability in Nodejs Node.Js 4.0.0/4.1.0/4.1.1 Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service. | 7.5 |
| 2017-09-28 | CVE-2017-14849 | Path Traversal vulnerability in Nodejs Node.Js 8.5.0 Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules. | 7.5 |