Filtered by vendor Nodejs Subscriptions
Filtered by product Node.js Subscriptions
Total 152 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-0278 3 Fedoraproject, Libuv Project, Nodejs 3 Fedora, Libuv, Node.js 2024-11-21 N/A
libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors.
CVE-2014-9772 1 Nodejs 1 Node.js 2024-11-21 N/A
The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters.
CVE-2014-9748 3 Libuv, Microsoft, Nodejs 4 Libuv, Windows Server 2003, Windows Xp and 1 more 2024-11-21 8.1 High
The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition.
CVE-2014-7191 2 Nodejs, Redhat 2 Node.js, Rhel Software Collections 2024-11-21 N/A
The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array.
CVE-2014-3744 1 Nodejs 1 Node.js 2024-11-21 N/A
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.
CVE-2014-0224 9 Fedoraproject, Filezilla-project, Mariadb and 6 more 23 Fedora, Filezilla Server, Mariadb and 20 more 2024-11-21 7.4 High
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
CVE-2013-7454 1 Nodejs 1 Node.js 2024-11-21 N/A
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings.
CVE-2013-7453 1 Nodejs 1 Node.js 2024-11-21 N/A
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing.
CVE-2013-7452 1 Nodejs 1 Node.js 2024-11-21 N/A
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI.
CVE-2013-7451 1 Nodejs 1 Node.js 2024-11-21 N/A
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag.
CVE-2013-6668 4 Debian, Google, Nodejs and 1 more 7 Debian Linux, Chrome, V8 and 4 more 2024-11-21 N/A
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2013-2882 4 Debian, Google, Nodejs and 1 more 6 Debian Linux, Chrome, Node.js and 3 more 2024-11-21 N/A
Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."