Search CVE reports
11 – 20 of 176 results
CVE-2024-37372
Medium priority[Unknown description]
1 affected packages
nodejs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nodejs | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-22018
Medium priorityA vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats...
1 affected packages
nodejs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nodejs | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-22020
Medium priorityA security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the...
1 affected packages
nodejs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nodejs | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-5535
Low prioritySome fixes available 3 of 17
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| nodejs | Not affected | Vulnerable | Not affected | Needs evaluation | Needs evaluation |
| openssl | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
| openssl1.0 | Not in release | Not in release | Not in release | Needs evaluation | — |
CVE-2021-44534
Medium priorityInsufficient user input filtering leads to arbitrary file read by non-authenticated attacker, which results in sensitive information disclosure.
1 affected packages
nodejs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nodejs | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-4741
Low prioritySome fixes available 3 of 16
Use After Free with SSL_free_buffers
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | Vulnerable | Vulnerable | Vulnerable | Needs evaluation | Needs evaluation |
| nodejs | Not affected | Vulnerable | Not affected | Needs evaluation | Needs evaluation |
| openssl | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected | — |
CVE-2024-4603
Low prioritySome fixes available 2 of 7
Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | Vulnerable | Not affected | Not affected | Not affected | Not affected |
| nodejs | Not affected | Vulnerable | Not affected | Needs evaluation | Needs evaluation |
| openssl | Fixed | Fixed | Not affected | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected | — |
CVE-2024-27982
Medium priorityThe team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header,...
1 affected packages
nodejs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nodejs | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-27980
Medium priorityML-Date: 2024-04-10 13:36:20, ML-Subject: [oss-security] NodeJS Command injection via args parameter of child_process.spawn without shell option enabled on Windows (CVE-2024-27980)
1 affected packages
nodejs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nodejs | — | Not affected | Not affected | Not affected | Not affected |
CVE-2024-27983
Medium priorityAn attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers...
1 affected packages
nodejs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nodejs | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |