CVE search results

131 – 140 of 191 results

Detailed view

Sort by:

CVE-2020-8265

Medium priority

Some fixes available 3 of 7

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly...

1 affected package

nodejs

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
nodejs	—	Not affected	Fixed	Fixed

CVE-2020-8251

Medium priority

Ignored

Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections.

1 affected package

nodejs

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
nodejs	—	Not affected	Not affected	Not affected

CVE-2020-8201

Medium priority

Ignored

Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform...

1 affected package

nodejs

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
nodejs	—	Not affected	Not affected	Not affected

CVE-2020-8174

Medium priority

Some fixes available 2 of 7

napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.

1 affected package

nodejs

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
nodejs	—	Not affected	Fixed	Fixed

CVE-2020-8172

Medium priority

Ignored

TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.

1 affected package

nodejs

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
nodejs	—	Not affected	Not affected	Not affected

CVE-2020-1971

High priority

Fixed

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a...

4 affected packages

openssl, nodejs, openssl1.0, edk2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	—	—	Fixed	Fixed
nodejs	—	—	Not affected	Not affected
openssl1.0	—	—	Not in release	Fixed
edk2	—	—	Not affected	Not affected

CVE-2020-1968

Low priority

Some fixes available 3 of 4

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this...

4 affected packages

openssl, openssl1.0, nodejs, edk2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
openssl	Not affected	Not affected	Not affected	Not affected
openssl1.0	Not in release	Not in release	Not in release	Fixed
nodejs	Not affected	Not affected	Not affected	Not affected
edk2	Not affected	Not affected	Not affected	Not affected

CVE-2020-11080

Medium priority

Some fixes available 3 of 8

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400...

2 affected packages

nghttp2, nodejs

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
nghttp2	Not affected	Not affected	Fixed	Fixed
nodejs	Not affected	Not affected	Not affected	Not affected

CVE-2019-9514

Medium priority

Some fixes available 15 of 80

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream...

16 affected packages

golang, golang-1.6, golang-1.7, golang-1.8, golang-1.9...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang	Not in release	Not in release	Not in release	Not in release
golang-1.6	Not in release	Not in release	Not in release	Not in release
golang-1.7	Not in release	Not in release	Not in release	Not in release
golang-1.8	Not in release	Not in release	Not in release	Vulnerable
golang-1.9	Not in release	Not in release	Not in release	Vulnerable
golang-1.10	Not in release	Not in release	Not in release	Vulnerable
golang-1.11	Not in release	Not in release	Not in release	Not in release
golang-1.12	Not in release	Not in release	Not in release	Not in release
nginx	Not affected	Not affected	Not affected	Not affected
twisted	Fixed	Fixed	Fixed	Fixed
trafficserver	Not affected	Not affected	Not affected	Vulnerable
h2o	Not affected	Not affected	Not affected	Needs evaluation
nodejs	Not affected	Not affected	Not affected	Ignored
golang-google-grpc	Vulnerable	Vulnerable	Vulnerable	Vulnerable
grpc	Vulnerable	Vulnerable	Vulnerable	Vulnerable
netty	Not affected	Not affected	Not affected	Fixed

CVE-2019-9513

Medium priority

Some fixes available 15 of 25

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes...

3 affected packages

nodejs, nghttp2, nginx

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
nodejs	Not affected	Not affected	Not affected	Ignored
nghttp2	Not affected	Not affected	Not affected	Fixed
nginx	Fixed	Fixed	Fixed	Fixed

Export to JSON

Results by page:

Search CVE reports