Search CVE reports
81 – 90 of 248 results
A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that...
1 affected package
nodejs
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nodejs | — | Not affected | Not affected | Not affected | Not affected |
Some fixes available: 8 of 12
Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact...
5 affected packages
openssl, openssl1.0, nodejs, edk2, openssl-fips
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openssl | Fixed | Fixed | Fixed | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | Not in release | Not affected |
| nodejs | Not affected | Not affected | Needs evaluation | Not affected | Needs evaluation |
| edk2 | Not affected | Fixed | Not affected | Not affected | Not affected |
| openssl-fips | Not in release | Fixed | Not in release | Not in release | Not in release |
Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| edk2 | — | Ignored | Not affected | Not affected | Not affected |
| nodejs | — | Not affected | Ignored | Not affected | Not affected |
| openssl | — | Ignored | Ignored | Not affected | Not affected |
| openssl1.0 | — | Not in release | Not in release | Not in release | Not affected |
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats...
1 affected package
nodejs
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nodejs | Not affected | Vulnerable | Vulnerable | Not affected | Not affected |
A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the...
1 affected package
nodejs
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nodejs | Not affected | Vulnerable | Not affected | Not affected | Not affected |
Some fixes available: 10 of 23
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range...
5 affected packages
openssl1.0, nodejs, edk2, openssl, openssl-fips
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openssl1.0 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| nodejs | Not affected | Not affected | Needs evaluation | Not affected | Needs evaluation |
| edk2 | Not affected | Fixed | Fixed | Needs evaluation | Needs evaluation |
| openssl | Fixed | Fixed | Fixed | Fixed | Needs evaluation |
| openssl-fips | Not in release | Fixed | Not in release | Not in release | Not in release |
Insufficient user input filtering leads to arbitrary file read by a non-authenticated attacker, which results in sensitive information disclosure.
1 affected package
nodejs
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nodejs | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available: 10 of 22
Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations. Impact summary: A use after free can have a range of potential consequences such as the...
5 affected packages
edk2, openssl, openssl1.0, nodejs, openssl-fips
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| edk2 | Not affected | Fixed | Fixed | Vulnerable | Needs evaluation |
| openssl | Fixed | Fixed | Fixed | Fixed | Needs evaluation |
| openssl1.0 | Not in release | Not in release | Not in release | Not in release | Not affected |
| nodejs | Not affected | Not affected | Needs evaluation | Not affected | Needs evaluation |
| openssl-fips | Not in release | Fixed | Not in release | Not in release | Not in release |
Some fixes available: 7 of 12
Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters...
5 affected packages
openssl, openssl1.0, nodejs, edk2, openssl-fips
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openssl | Fixed | Fixed | Fixed | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | Not in release | Not affected |
| nodejs | Not affected | Not affected | Needs evaluation | Not affected | Needs evaluation |
| edk2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| openssl-fips | Not in release | Fixed | Not in release | Not in release | Not in release |
The team has identified a critical vulnerability in the HTTP server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header,...
1 affected package
nodejs
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| nodejs | Not affected | Vulnerable | Vulnerable | Not affected | Not affected |