Vulnerabilities > Nodejs > Node JS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-30 | CVE-2018-0734 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. | 5.9 |
| 2018-10-29 | CVE-2018-0735 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. | 5.9 |
| 2018-08-21 | CVE-2018-7166 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nodejs Node.Js In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. | 5.0 |
| 2018-08-21 | CVE-2018-12115 | Out-of-bounds Write vulnerability in Nodejs Node.Js In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. | 5.0 |
| 2018-06-13 | CVE-2018-7167 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nodejs Node.Js Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. | 5.0 |
| 2018-06-13 | CVE-2018-7164 | Resource Exhaustion vulnerability in Nodejs Node.Js Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. | 5.0 |
| 2018-06-04 | CVE-2017-16024 | Information Exposure vulnerability in multiple products The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. | 4.0 |
| 2018-05-17 | CVE-2018-7159 | Improper Input Validation vulnerability in Nodejs Node.Js The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. | 5.3 |
| 2018-05-17 | CVE-2018-7158 | Unspecified vulnerability in Nodejs Node.Js The `'path'` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. | 5.0 |
| 2018-05-08 | CVE-2018-1000168 | NULL Pointer Dereference vulnerability in multiple products nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. | 5.0 |