Vulnerabilities > Nodejs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-08 | CVE-2018-1000168 | NULL Pointer Dereference vulnerability in multiple products nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. | 7.5 |
| 2017-12-11 | CVE-2017-15897 | Improper Initialization vulnerability in Nodejs Node.Js Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. | 3.1 |
| 2017-12-11 | CVE-2017-15896 | Unspecified vulnerability in Nodejs Node.Js Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. | 9.1 |
| 2017-12-07 | CVE-2017-3738 | Information Exposure vulnerability in multiple products There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. | 5.9 |
| 2017-10-30 | CVE-2017-14919 | Improper Input Validation vulnerability in Nodejs Node.Js Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter. | 7.5 |
| 2017-10-23 | CVE-2014-3744 | Path Traversal vulnerability in Nodejs Node.Js Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path. | 7.5 |
| 2017-10-10 | CVE-2015-7384 | Resource Exhaustion vulnerability in Nodejs Node.Js 4.0.0/4.1.0/4.1.1 Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service. | 7.5 |
| 2017-09-28 | CVE-2017-14849 | Path Traversal vulnerability in Nodejs Node.Js 8.5.0 Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules. | 7.5 |
| 2017-09-20 | CVE-2015-2927 | Resource Management Errors vulnerability in multiple products node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption). | 6.5 |
| 2017-07-25 | CVE-2017-11499 | Improper Input Validation vulnerability in Nodejs Node.Js Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. | 7.5 |