Search CVE reports
121 – 130 of 176 results
CVE-2020-8174
Medium priority
Some fixes available 2 of 7
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
1 affected package
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nodejs | — | Not affected | Fixed | Fixed | Not affected |
CVE-2020-8172
Medium priority
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.
1 affected package
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nodejs | — | Not affected | Not affected | Not affected | Not affected |
CVE-2020-11080
Medium priority
Some fixes available 3 of 9
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400...
2 affected packages
nghttp2, nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nghttp2 | Not affected | Not affected | Fixed | Fixed | Fixed |
nodejs | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
CVE-2013-7381
Medium priority
libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify.
1 affected package
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nodejs | — | — | — | Ignored | Ignored |
CVE-2013-7378
Medium priority
scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands.
1 affected package
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nodejs | — | — | — | Not affected | Not affected |
CVE-2014-9748
Medium priority
The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of...
2 affected packages
libuv, nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libuv | — | — | — | — | Not affected |
nodejs | — | — | — | — | Not affected |
CVE-2019-15606
Medium priority
Some fixes available 2 of 4
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
1 affected package
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nodejs | — | Not affected | Not affected | Fixed | Fixed |
CVE-2019-15605
Medium priority
Some fixes available 2 of 4
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
1 affected package
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nodejs | — | Not affected | Not affected | Fixed | Fixed |
CVE-2019-15604
Medium priority
Some fixes available 2 of 3
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate
1 affected package
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nodejs | — | Not affected | Not affected | Fixed | Fixed |
CVE-2013-7380
Medium priority
The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injection Vulnerability. Authentication is not required for remote exploitation.
1 affected package
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nodejs | — | — | — | Ignored | Ignored |