Filtered by vendor Nodejs
Total: 161 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-7384 | 1 Nodejs | 1 Node.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service. | |||||
CVE-2015-6764 | 3 Debian, Google, Nodejs | 3 Debian Linux, Chrome, Node.js | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code. | |||||
CVE-2015-5380 | 3 Google, Iojs, Nodejs | 3 V8, Io.js, Node.js | 2024-11-21 | 7.5 HIGH | N/A |
The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence. | |||||
CVE-2015-3194 | 4 Canonical, Debian, Nodejs and 1 more | 4 Ubuntu Linux, Debian Linux, Node.js and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. | |||||
CVE-2015-3193 | 3 Canonical, Nodejs, Openssl | 3 Ubuntu Linux, Node.js, Openssl | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite. | |||||
CVE-2015-2927 | 3 Debian, Nodejs, Uronode | 3 Debian Linux, Node.js, Uro Node | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption). | |||||
CVE-2015-0278 | 3 Fedoraproject, Libuv Project, Nodejs | 3 Fedora, Libuv, Node.js | 2024-11-21 | 10.0 HIGH | N/A |
libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors. | |||||
CVE-2014-9772 | 1 Nodejs | 1 Node.js | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters. | |||||
CVE-2014-9748 | 3 Libuv, Microsoft, Nodejs | 4 Libuv, Windows Server 2003, Windows Xp and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition. | |||||
CVE-2014-7191 | 1 Nodejs | 1 Node.js | 2024-11-21 | 5.0 MEDIUM | N/A |
The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array. | |||||
CVE-2014-5256 | 1 Nodejs | 1 Nodejs | 2024-11-21 | 5.0 MEDIUM | N/A |
Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory corruption and application crash) via deep JSON objects whose parsing lets this interrupt mask an overflow of the program stack. | |||||
CVE-2014-3744 | 1 Nodejs | 1 Node.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path. | |||||
CVE-2014-0224 | 9 Fedoraproject, Filezilla-project, Mariadb and 6 more | 20 Fedora, Filezilla Server, Mariadb and 17 more | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. | |||||
CVE-2013-7454 | 1 Nodejs | 1 Node.js | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings. | |||||
CVE-2013-7453 | 1 Nodejs | 1 Node.js | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing. | |||||
CVE-2013-7452 | 1 Nodejs | 1 Node.js | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI. | |||||
CVE-2013-7451 | 1 Nodejs | 1 Node.js | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag. | |||||
CVE-2013-6668 | 3 Debian, Google, Nodejs | 4 Debian Linux, Chrome, V8 and 1 more | 2024-11-21 | 7.5 HIGH | N/A |
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
CVE-2013-4450 | 1 Nodejs | 1 Nodejs | 2024-11-21 | 5.0 MEDIUM | N/A |
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response. | |||||
CVE-2013-2882 | 4 Debian, Google, Nodejs and 1 more | 4 Debian Linux, Chrome, Node.js and 1 more | 2024-11-21 | 7.5 HIGH | N/A |
Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." |