Filtered by vendor Nodejs
Subscriptions
Filtered by product Node.js
Subscriptions
Total
152 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-0278 | 3 Fedoraproject, Libuv Project, Nodejs | 3 Fedora, Libuv, Node.js | 2024-11-21 | N/A |
libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors. | ||||
CVE-2014-9772 | 1 Nodejs | 1 Node.js | 2024-11-21 | N/A |
The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters. | ||||
CVE-2014-9748 | 3 Libuv, Microsoft, Nodejs | 4 Libuv, Windows Server 2003, Windows Xp and 1 more | 2024-11-21 | 8.1 High |
The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition. | ||||
CVE-2014-7191 | 2 Nodejs, Redhat | 2 Node.js, Rhel Software Collections | 2024-11-21 | N/A |
The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array. | ||||
CVE-2014-3744 | 1 Nodejs | 1 Node.js | 2024-11-21 | N/A |
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path. | ||||
CVE-2014-0224 | 9 Fedoraproject, Filezilla-project, Mariadb and 6 more | 23 Fedora, Filezilla Server, Mariadb and 20 more | 2024-11-21 | 7.4 High |
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. | ||||
CVE-2013-7454 | 1 Nodejs | 1 Node.js | 2024-11-21 | N/A |
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings. | ||||
CVE-2013-7453 | 1 Nodejs | 1 Node.js | 2024-11-21 | N/A |
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing. | ||||
CVE-2013-7452 | 1 Nodejs | 1 Node.js | 2024-11-21 | N/A |
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI. | ||||
CVE-2013-7451 | 1 Nodejs | 1 Node.js | 2024-11-21 | N/A |
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag. | ||||
CVE-2013-6668 | 4 Debian, Google, Nodejs and 1 more | 7 Debian Linux, Chrome, V8 and 4 more | 2024-11-21 | N/A |
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||||
CVE-2013-2882 | 4 Debian, Google, Nodejs and 1 more | 6 Debian Linux, Chrome, Node.js and 3 more | 2024-11-21 | N/A |
Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." |