Node.js — программная платформа, основанная на движке V8 (компилирующем JavaScript в машинный код)
Релизный цикл, информация об уязвимостях
График релизов
Количество 1 025
CVE-2016-2183
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
CVE-2016-6303
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
BDU:2019-01912
Уязвимость функции MDC2_Update библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании
openSUSE-SU-2016:1834-1
Security update for nodejs
CVE-2016-3956
The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.
CVE-2016-3956
The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js ...
CVE-2016-3956
The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.
CVE-2016-2178
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
CVE-2016-2178
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL throug ...
CVE-2016-2178
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2016-2183 The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. | CVSS3: 7.5 | 53% Средний | около 9 лет назад |
| CVE-2016-6303 Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. | CVSS3: 6.5 | 12% Средний | около 9 лет назад |
 | BDU:2019-01912 Уязвимость функции MDC2_Update библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 9.8 | 12% Средний | около 9 лет назад |
 | openSUSE-SU-2016:1834-1 Security update for nodejs | 5% Низкий | больше 9 лет назад | |
 | CVE-2016-3956 The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers. | CVSS3: 7.5 | 1% Низкий | больше 9 лет назад |
| CVE-2016-3956 The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js ... | CVSS3: 7.5 | 1% Низкий | больше 9 лет назад |
 | CVE-2016-3956 The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers. | CVSS3: 7.5 | 1% Низкий | больше 9 лет назад |
| CVE-2016-2178 The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. | CVSS3: 5.5 | 0% Низкий | больше 9 лет назад |
| CVE-2016-2178 The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL throug ... | CVSS3: 5.5 | 0% Низкий | больше 9 лет назад |
| CVE-2016-2178 The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. | CVSS3: 5.5 | 0% Низкий | больше 9 лет назад |
Уязвимостей на страницу