Vulnerabilities > Nodejs

DATE CVE VULNERABILITY TITLE RISK
2018-08-21 CVE-2018-12115 Out-of-bounds Write vulnerability in multiple products
In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`.
network
low complexity
nodejs redhat CWE-787
7.5
7.5
2018-06-13 CVE-2018-7167 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nodejs Node.Js
Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service.
network
low complexity
nodejs CWE-119
7.5
7.5
2018-06-13 CVE-2018-7164 Resource Exhaustion vulnerability in Nodejs Node.Js
Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM.
network
low complexity
nodejs CWE-400
7.5
7.5
2018-06-13 CVE-2018-7162 Improper Input Validation vulnerability in Nodejs Node.Js
All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH.
network
low complexity
nodejs CWE-20
7.5
7.5
2018-06-13 CVE-2018-7161 Improper Input Validation vulnerability in Nodejs Node.Js
All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH.
network
low complexity
nodejs CWE-20
7.5
7.5
2018-06-12 CVE-2018-0732 Key Management Errors vulnerability in multiple products
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client.
network
low complexity
openssl debian canonical nodejs CWE-320
7.5
7.5
2018-06-04 CVE-2017-16024 Information Exposure vulnerability in multiple products
The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9.
network
low complexity
sync-exec-project nodejs CWE-200
6.5
6.5
2018-05-17 CVE-2018-7160 Authentication Bypass by Spoofing vulnerability in Nodejs Node.Js
The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution.
network
low complexity
nodejs CWE-290
8.8
8.8
2018-05-17 CVE-2018-7159 Improper Input Validation vulnerability in Nodejs Node.Js
The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`.
network
low complexity
nodejs CWE-20
5.3
5.3
2018-05-17 CVE-2018-7158 Unspecified vulnerability in Nodejs Node.Js
The `'path'` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector.
network
low complexity
nodejs
7.5
7.5