VYPR

Node.js

by Node.js

CVEs (170)

  • CVE-2018-12120 (Nov 28, 2018)
    risk 0.00 | cvss | epss 0.04

    Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug…

  • CVE-2018-12122 (Nov 28, 2018)
    risk 0.00 | cvss | epss 0.41

    Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.

  • CVE-2015-5380 (Jul 9, 2015)
    risk 0.00 | cvss | epss 0.03

    The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that there is memory available for a UTF-16 surrogate pair, which allows remote…

  • CVE-2015-0278 (May 18, 2015)
    risk 0.00 | cvss | epss 0.03

    libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors.

  • CVE-2014-7191 (Oct 19, 2014)
    risk 0.00 | cvss | epss 0.08

    The qs module before 1.0.0 in Node.js does not call the compact function for array data, which allows remote attackers to cause a denial of service (memory consumption) by using a large index value to create a sparse array.

  • CVE-2014-5256 (Sep 5, 2014)
    risk 0.00 | cvss | epss 0.03

    Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service (memory corruption and application…

  • CVE-2013-6668 (Mar 5, 2014)
    risk 0.00 | cvss | epss 0.05

    Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2013-4450 (Oct 21, 2013)
    risk 0.00 | cvss | epss 0.37

    The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response.

  • CVE-2013-2882 (Jul 31, 2013)
    risk 0.00 | cvss | epss 0.02

    Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."

  • CVE-2012-2330 (Aug 13, 2012)
    risk 0.00 | cvss | epss 0.03

    The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length…
