Vulnerabilities > Nodejs > Medium

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2018-10-30 | CVE-2018-0734 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products | The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. | network | high | openssl, canonical, debian, nodejs, netapp, oracle | CWE-327 | 5.9 |
| 2018-10-29 | CVE-2018-0735 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products | The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. | network | high | openssl, canonical, debian, nodejs, netapp, oracle | CWE-327 | 5.9 |
| 2018-06-04 | CVE-2017-16024 | Information Exposure vulnerability in multiple products | The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. | network | low | sync-exec-project, nodejs | CWE-200 | 6.5 |
| 2018-05-17 | CVE-2018-7159 | Improper Input Validation vulnerability in Nodejs Node.Js | The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. | network | low | nodejs | CWE-20 | 5.3 |
| 2017-12-07 | CVE-2017-3738 | Information Exposure vulnerability in multiple products | There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. | network | high | openssl, debian, nodejs | CWE-200 | 5.9 |
| 2017-09-20 | CVE-2015-2927 | Resource Management Errors vulnerability in multiple products | node 0.3.2 and URONode before 1.0.5r3 allow remote attackers to cause a denial of service (bandwidth consumption). | network | low | uronode, nodejs, debian | CWE-399 | 6.5 |
| 2017-05-04 | CVE-2016-7055 | | There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. | network | high | openssl, nodejs | | 5.9 |
| 2017-05-04 | CVE-2017-3732 | Information Exposure vulnerability in multiple products | There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. | network | high | openssl, nodejs | CWE-200 | 5.9 |
| 2017-01-23 | CVE-2014-9772 | Cross-site Scripting vulnerability in Nodejs Node.Js | The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters. | network | low | nodejs | CWE-79 | 6.1 |
| 2017-01-23 | CVE-2013-7454 | Cross-site Scripting vulnerability in Nodejs Node.Js | The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings. | network | low | nodejs | CWE-79 | 6.1 |