Shodan
Vulnerabilities
Vulnerable Software
Nodejs:  >> Node.js  >> 0.10.39  Security Vulnerabilities
CVE-2013-7453
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing.
CVSS Score
6.1
EPSS Score
0.007
Published
2017-01-23
CVE-2013-7454
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings.
CVSS Score
6.1
EPSS Score
0.007
Published
2017-01-23
CVE-2014-9772
The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters.
CVSS Score
6.1
EPSS Score
0.006
Published
2017-01-23
CVE-2015-8855
The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."
CVSS Score
7.5
EPSS Score
0.01
Published
2017-01-23
CVE-2015-8860
The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.
CVSS Score
7.5
EPSS Score
0.004
Published
2017-01-23
CVE-2016-7099
The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
CVSS Score
5.9
EPSS Score
0.007
Published
2016-10-10
CVE-2016-5325
CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument.
CVSS Score
6.1
EPSS Score
0.003
Published
2016-10-10
CVE-2016-5180
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
CVSS Score
9.8
EPSS Score
0.193
Published
2016-10-03
CVE-2016-6306
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
CVSS Score
5.9
EPSS Score
0.093
Published
2016-09-26
CVE-2016-6304
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
CVSS Score
7.5
EPSS Score
0.234
Published
2016-09-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved