Count: 1,014

Vulnerability | CVSS | EPSS | Published
---|---|---|---
BDU:2019-01912 Vulnerability in the MDC2_Update function of the OpenSSL library that allows an attacker to cause a denial of service | CVSS3: 9.8 | 34% Medium | about 9 years ago
openSUSE-SU-2021:3294-1 Security update for nodejs8 | | 0% Low | almost 4 years ago
openSUSE-SU-2021:1343-1 Security update for nodejs8 | | 0% Low | almost 4 years ago
openSUSE-SU-2021:0195-1 Security update for nodejs8 | | 10% Low | more than 4 years ago
openSUSE-SU-2016:1834-1 Security update for nodejs | | 6% Low | about 9 years ago
SUSE-SU-2021:3294-1 Security update for nodejs8 | | 0% Low | almost 4 years ago
SUSE-SU-2021:2790-1 Security update for nodejs8 | | 0% Low | about 4 years ago
SUSE-SU-2021:0224-1 Security update for nodejs8 | | 10% Low | more than 4 years ago
SUSE-SU-2021:0121-1 Security update for nodejs8 | | 10% Low | more than 4 years ago
GHSA-rv6p-2q56-m955 HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed | CVSS3: 9.8 | 32% Medium | about 3 years ago
GHSA-rh28-x46h-8pcg Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. | CVSS3: 7.5 | 62% Medium | more than 3 years ago
GHSA-rc2m-q589-vpqx The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CRLF. This may result in HTTP Request Smuggling. | CVSS3: 9.8 | 5% Low | more than 2 years ago
GHSA-q5vx-44v4-gch4 llhttp allows HTTP Request Smuggling via Improper Delimiting of Header Fields | CVSS3: 9.1 | 65% Medium | about 3 years ago
GHSA-m5h6-hr3q-22h5 npm Token Leak in npm | | 2% Low | about 7 years ago
GHSA-hgr8-6h9x-f7q9 golang.org/x/net/http vulnerable to ping floods | CVSS3: 7.5 | 18% Medium | about 3 years ago
GHSA-h225-x2r7-r2m9 Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | | 12% Medium | more than 3 years ago
GHSA-gqhp-5j32-xwmm Use After Free in node.js | CVSS3: 9.8 | 0% Low | almost 4 years ago
GHSA-f33f-hhx9-6j4m Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling. | CVSS3: 6.5 | 10% Low | about 3 years ago
GHSA-cpgp-qq89-2x6x The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence. | | 1% Low | more than 3 years ago
GHSA-8rwr-x37p-mx23 X.509 Email Address 4-byte Buffer Overflow | CVSS3: 9.8 | 86% High | almost 3 years ago