Vulnerabilities > Nodejs > Node JS > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-02-27 | CVE-2019-1559 | Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. | 5.9 |
2018-11-28 | CVE-2018-12123 | Improper Input Validation vulnerability in Nodejs Node.Js Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. | 4.3 |
2018-11-15 | CVE-2018-5407 | Information Exposure Through Discrepancy vulnerability in multiple products Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. | 4.7 |
2018-10-30 | CVE-2018-0734 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. | 5.9 |
2018-10-29 | CVE-2018-0735 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. | 5.9 |
2018-06-04 | CVE-2017-16024 | Information Exposure vulnerability in multiple products The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. | 6.5 |
2018-05-17 | CVE-2018-7159 | Improper Input Validation vulnerability in Nodejs Node.Js The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. | 5.3 |
2017-12-07 | CVE-2017-3738 | Information Exposure vulnerability in multiple products There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. | 5.9 |
2017-09-20 | CVE-2015-2927 | Resource Management Errors vulnerability in multiple products node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption). | 6.5 |
2017-05-04 | CVE-2016-7055 | There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. | 5.9 |