Search CVE reports
161 – 170 of 176 results
CVE-2014-3741
Medium priorityThe printDirect function in lib/printer.js in the node-printer module 0.0.1 and earlier for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in the lpr command.
1 affected packages
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nodejs | — | — | — | Ignored | Ignored |
CVE-2013-7377
Medium priorityThe codem-transcode module before 0.5.0 for Node.js, when ffprobe is enabled, allows remote attackers to execute arbitrary commands via a POST request to /probe.
1 affected packages
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nodejs | — | — | — | Ignored | Ignored |
CVE-2015-7384
Medium priorityNode.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.
1 affected packages
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nodejs | — | — | — | Not affected | Not affected |
CVE-2017-14849
Medium priorityNode.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.
1 affected packages
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nodejs | — | — | — | — | Not affected |
CVE-2017-11499
Medium priorityNode.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released...
1 affected packages
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nodejs | Not affected | Not affected | Not affected | Not affected | Vulnerable |
CVE-2017-1000381
Medium prioritySome fixes available 4 of 5
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
2 affected packages
c-ares, nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
c-ares | — | Not affected | Not affected | Not affected | Fixed |
nodejs | — | Not affected | Not affected | Not affected | Fixed |
CVE-2016-7099
Medium prioritySome fixes available 2 of 6
The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows...
1 affected packages
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nodejs | — | Not affected | Not affected | Not affected | Fixed |
CVE-2016-5325
Medium prioritySome fixes available 2 of 7
CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and...
1 affected packages
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nodejs | — | — | — | Not affected | Fixed |
CVE-2016-2216
Low priorityThe HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism...
1 affected packages
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nodejs | Not affected | Not affected | Not affected | Not affected | Vulnerable |
CVE-2016-2086
Low priorityNode.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
1 affected packages
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nodejs | Not affected | Not affected | Not affected | Not affected | Vulnerable |