Count: 1 009

Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
openSUSE-SU-2021:0195-1 Security update for nodejs8 |  | 10% Low | more than 4 years ago |
openSUSE-SU-2016:1834-1 Security update for nodejs |  | 6% Low | almost 9 years ago |
SUSE-SU-2021:3294-1 Security update for nodejs8 |  | 0% Low | more than 3 years ago |
SUSE-SU-2021:2790-1 Security update for nodejs8 |  | 0% Low | almost 4 years ago |
SUSE-SU-2021:0224-1 Security update for nodejs8 |  | 10% Low | more than 4 years ago |
SUSE-SU-2021:0121-1 Security update for nodejs8 |  | 10% Low | more than 4 years ago |
GHSA-rv6p-2q56-m955 HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed | CVSS3: 9.8 | 34% Medium | about 3 years ago |
GHSA-rh28-x46h-8pcg Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. | CVSS3: 7.5 | 48% Medium | about 3 years ago |
GHSA-rc2m-q589-vpqx The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CRLF. This may result in HTTP Request Smuggling. | CVSS3: 9.8 | 4% Low | more than 2 years ago |
GHSA-q5vx-44v4-gch4 llhttp allows HTTP Request Smuggling via Improper Delimiting of Header Fields | CVSS3: 9.1 | 68% Medium | almost 3 years ago |
GHSA-m5h6-hr3q-22h5 npm Token Leak in npm |  | 2% Low | almost 7 years ago |
GHSA-hgr8-6h9x-f7q9 golang.org/x/net/http vulnerable to ping floods | CVSS3: 7.5 | 21% Medium | about 3 years ago |
GHSA-h225-x2r7-r2m9 Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. |  | 9% Low | about 3 years ago |
GHSA-gqhp-5j32-xwmm Use After Free in node.js | CVSS3: 9.8 | 0% Low | more than 3 years ago |
GHSA-f33f-hhx9-6j4m Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling. | CVSS3: 6.5 | 10% Low | about 3 years ago |
GHSA-cpgp-qq89-2x6x The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted byte sequence. |  | 1% Low | about 3 years ago |
GHSA-8rwr-x37p-mx23 X.509 Email Address 4-byte Buffer Overflow | CVSS3: 9.8 | 85% High | more than 2 years ago |
GHSA-879w-9vpf-9pw9 Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits. | CVSS3: 8.1 | 1% Low | about 3 years ago |
GHSA-7wg6-6952-3vfv The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code. | CVSS3: 8.8 | 6% Low | about 3 years ago |
GHSA-4368-3x2v-g4cm Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." |  | 1% Low | about 3 years ago |