Vulnerabilities > Nodejs > Node JS > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-07 CVE-2017-1000381 Information Exposure vulnerability in multiple products
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
network
low complexity
c-ares-project c-ares nodejs CWE-200
7.5
2017-05-23 CVE-2016-9842
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
8.8
2017-05-23 CVE-2016-9840
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
8.8
2017-05-04 CVE-2017-3731 Out-of-bounds Read vulnerability in multiple products
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash.
network
low complexity
openssl nodejs CWE-125
7.5
2017-01-23 CVE-2015-8860 Link Following vulnerability in Nodejs Node.Js
The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.
network
low complexity
nodejs CWE-59
7.5
2017-01-23 CVE-2015-8855 Resource Management Errors vulnerability in Nodejs Node.Js
The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."
network
low complexity
nodejs CWE-399
7.5
2016-09-26 CVE-2016-7052 NULL Pointer Dereference vulnerability in multiple products
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.
network
low complexity
novell openssl nodejs CWE-476
7.5
2016-09-26 CVE-2016-6304 Memory Leak vulnerability in multiple products
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
network
low complexity
openssl nodejs novell CWE-401
7.5
2016-09-01 CVE-2016-2183 Information Exposure vulnerability in multiple products
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
network
low complexity
redhat python cisco openssl oracle nodejs CWE-200
7.5
2016-07-02 CVE-2016-3956 Information Exposure vulnerability in multiple products
The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.
network
low complexity
ibm nodejs npmjs CWE-200
7.5