Search CVE reports
111 – 120 of 176 results
CVE-2021-22883
Medium prioritySome fixes available 1 of 6
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file...
1 affected packages
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nodejs | — | Not affected | Fixed | Ignored | Not affected |
CVE-2021-23841
Medium priorityThe OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | — | — | Not affected | Not affected | Not affected |
nodejs | — | — | Not affected | Not affected | Not affected |
openssl | — | — | Fixed | Fixed | Fixed |
openssl1.0 | — | — | Not in release | Fixed | Not in release |
CVE-2021-23840
Low prioritySome fixes available 15 of 19
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Not affected | Fixed | Vulnerable | Needs evaluation |
nodejs | Not affected | Vulnerable | Not affected | Not affected | Not affected |
openssl | Fixed | Fixed | Fixed | Fixed | Fixed |
openssl1.0 | Not in release | Not in release | Not in release | Fixed | Not in release |
CVE-2021-23839
Low priorityOpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | — | — | Not affected | Not affected | Not affected |
nodejs | — | — | Not affected | Not affected | Not affected |
openssl | — | — | Not affected | Not affected | Not affected |
openssl1.0 | — | — | Not in release | Not affected | Not in release |
CVE-2020-8287
Medium prioritySome fixes available 4 of 15
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field...
2 affected packages
http-parser, nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
http-parser | Not affected | Vulnerable | Needs evaluation | Fixed | Needs evaluation |
nodejs | Not affected | Not affected | Fixed | Fixed | Fixed |
CVE-2020-8265
Medium prioritySome fixes available 3 of 7
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly...
1 affected packages
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nodejs | — | Not affected | Fixed | Fixed | Fixed |
CVE-2020-1971
High priorityThe X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | — | — | Not affected | Not affected | Not affected |
nodejs | — | — | Not affected | Not affected | Not affected |
openssl | — | — | Fixed | Fixed | Fixed |
openssl1.0 | — | — | Not in release | Fixed | Not in release |
CVE-2020-8251
Medium priorityNode.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections.
1 affected packages
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nodejs | — | Not affected | Not affected | Not affected | Not affected |
CVE-2020-8201
Medium priorityNode.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform...
1 affected packages
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nodejs | — | Not affected | Not affected | Not affected | Not affected |
CVE-2020-1968
Low prioritySome fixes available 3 of 4
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Not affected | Not affected | Not affected | Vulnerable |
nodejs | Not affected | Not affected | Not affected | Not affected | Not affected |
openssl | Not affected | Not affected | Not affected | Not affected | Fixed |
openssl1.0 | Not in release | Not in release | Not in release | Fixed | Not in release |