Vulnerabilities > Nodejs > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-05-23 CVE-2016-9841 inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
network
low complexity
zlib opensuse debian canonical oracle redhat apple netapp nodejs
critical
9.8
2016-10-03 CVE-2016-5180 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
network
low complexity
c-ares-project c-ares debian nodejs canonical CWE-787
critical
9.8
2016-09-16 CVE-2016-6303 Out-of-bounds Write vulnerability in multiple products
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
network
low complexity
nodejs openssl CWE-787
critical
9.8
2015-12-06 CVE-2015-6764 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code.
network
low complexity
google nodejs debian CWE-119
critical
9.8