Vulnerabilities > Nodejs

DATE CVE VULNERABILITY TITLE RISK
2017-01-23 CVE-2015-8860 Link Following vulnerability in Nodejs Node.Js
The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.
network
low complexity
nodejs CWE-59
5.0
5.0
2017-01-23 CVE-2015-8855 Resource Management Errors vulnerability in Nodejs Node.Js
The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."
network
low complexity
nodejs CWE-399
7.8
7.8
2017-01-23 CVE-2014-9772 Cross-site Scripting vulnerability in Nodejs Node.Js
The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters.
network
nodejs CWE-79
4.3
4.3
2017-01-23 CVE-2013-7454 Cross-site Scripting vulnerability in Nodejs Node.Js
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings.
network
nodejs CWE-79
4.3
4.3
2017-01-23 CVE-2013-7453 Cross-site Scripting vulnerability in Nodejs Node.Js
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing.
network
nodejs CWE-79
4.3
4.3
2017-01-23 CVE-2013-7452 Cross-site Scripting vulnerability in Nodejs Node.Js
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI.
network
nodejs CWE-79
4.3
4.3
2017-01-23 CVE-2013-7451 Cross-site Scripting vulnerability in Nodejs Node.Js 1.0.4
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag.
network
nodejs CWE-79
4.3
4.3
2016-10-10 CVE-2016-7099 Data Processing Errors vulnerability in multiple products
The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
network
nodejs suse CWE-19
4.3
4.3
2016-10-10 CVE-2016-5325 HTTP Response Splitting vulnerability in multiple products
CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument.
network
nodejs suse CWE-113
4.3
4.3
2016-10-03 CVE-2016-5180 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
network
low complexity
c-ares-project c-ares debian nodejs canonical CWE-787
critical
 9.8
9.8