Vulnerabilities > Nodejs

DATE CVE VULNERABILITY TITLE RISK
2017-01-23 CVE-2013-7452 Cross-site Scripting vulnerability in Nodejs Node.Js
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI.
network
low complexity
nodejs CWE-79
6.1
2017-01-23 CVE-2013-7451 Cross-site Scripting vulnerability in Nodejs Node.Js 1.0.4
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag.
network
low complexity
nodejs CWE-79
6.1
2016-10-10 CVE-2016-7099 Data Processing Errors vulnerability in multiple products
The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
network
high complexity
nodejs suse CWE-19
5.9
2016-10-10 CVE-2016-5325 HTTP Response Splitting vulnerability in multiple products
CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument.
network
low complexity
nodejs suse CWE-113
6.1
2016-10-03 CVE-2016-5180 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
network
low complexity
c-ares-project c-ares debian nodejs canonical CWE-787
critical
9.8
2016-09-26 CVE-2016-7052 NULL Pointer Dereference vulnerability in multiple products
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.
network
low complexity
novell openssl nodejs CWE-476
7.5
2016-09-26 CVE-2016-6306 Out-of-bounds Read vulnerability in multiple products
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
network
high complexity
openssl hp novell nodejs debian canonical CWE-125
5.9
2016-09-26 CVE-2016-6304 Memory Leak vulnerability in multiple products
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
network
low complexity
openssl nodejs novell CWE-401
7.5
2016-09-25 CVE-2016-5172 Information Exposure vulnerability in multiple products
The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.
network
low complexity
google nodejs debian CWE-200
6.5
2016-09-16 CVE-2016-6303 Out-of-bounds Write vulnerability in multiple products
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
network
low complexity
nodejs openssl CWE-787
critical
9.8