Node.js — программная платформа, основанная на движке V8 (компилирующем JavaScript в машинный код)
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 009
CVE-2016-9842
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
CVE-2016-2183
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
CVE-2016-2183
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec pro ...
CVE-2016-2183
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
BDU:2019-01911
Уязвимость в файле t1_lib.c библиотеки OpenSSL, позволяющие нарушителю вызвать отказ в обслуживании
CVE-2016-2183
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
CVE-2016-6303
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
BDU:2019-01912
Уязвимость функции MDC2_Update библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании
openSUSE-SU-2016:1834-1
Security update for nodejs
CVE-2016-3956
The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2016-9842 The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. | CVSS3: 8.8 | 10% Средний | почти 9 лет назад |
 | CVE-2016-2183 The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. | CVSS3: 7.5 | 41% Средний | почти 9 лет назад |
| CVE-2016-2183 The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec pro ... | CVSS3: 7.5 | 41% Средний | почти 9 лет назад |
 | CVE-2016-2183 The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. | CVSS3: 7.5 | 41% Средний | почти 9 лет назад |
 | BDU:2019-01911 Уязвимость в файле t1_lib.c библиотеки OpenSSL, позволяющие нарушителю вызвать отказ в обслуживании | CVSS3: 7.5 | 20% Средний | почти 9 лет назад |
| CVE-2016-2183 The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. | CVSS3: 7.5 | 41% Средний | почти 9 лет назад |
| CVE-2016-6303 Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. | CVSS3: 6.5 | 15% Средний | почти 9 лет назад |
| BDU:2019-01912 Уязвимость функции MDC2_Update библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 9.8 | 15% Средний | почти 9 лет назад |
 | openSUSE-SU-2016:1834-1 Security update for nodejs | 6% Низкий | почти 9 лет назад | |
| CVE-2016-3956 The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers. | CVSS3: 7.5 | 2% Низкий | почти 9 лет назад |
Уязвимостей на страницу