Search CVE reports
41 – 50 of 191 results
Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through...
1 affected package
nodejs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| nodejs | Not affected | Not affected | Not affected | Not affected |
The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: ``` --allow-fs-read=/home/node/.ssh/*.pub ``` will ignore `pub` and give...
1 affected package
nodejs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| nodejs | Not affected | Not affected | Not affected | Not affected |
Some fixes available 10 of 21
Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might...
4 affected packages
openssl1.0, nodejs, edk2, openssl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl1.0 | Not in release | Not in release | Not in release | Fixed |
| nodejs | Not affected | Vulnerable | Not affected | Not affected |
| edk2 | Vulnerable | Vulnerable | Vulnerable | Needs evaluation |
| openssl | Fixed | Fixed | Fixed | Fixed |
Some fixes available 5 of 10
Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Fixed | Fixed | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected |
| nodejs | Not affected | Vulnerable | Not affected | Not affected |
| edk2 | Vulnerable | Not affected | Not affected | Not affected |
Some fixes available 5 of 10
Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Fixed | Fixed | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected |
| nodejs | Not affected | Vulnerable | Not affected | Not affected |
| edk2 | Vulnerable | Not affected | Not affected | Not affected |
Some fixes available 6 of 8
The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute...
1 affected package
nodejs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| nodejs | Not affected | Fixed | Fixed | Fixed |
Some fixes available 1 of 3
When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions...
1 affected package
nodejs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| nodejs | Not affected | Not affected | Not affected | Not affected |
A vulnerability has been identified in the Node.js (.msi version) installation process, specifically affecting Windows users who install Node.js using the .msi installer. This vulnerability emerges during the repair operation,...
1 affected package
nodejs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| nodejs | Not affected | Not affected | Not affected | Not affected |
The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism...
1 affected package
nodejs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| nodejs | Not affected | Not affected | Not affected | Not affected |
Some fixes available 9 of 20
Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key...
4 affected packages
openssl1.0, nodejs, edk2, openssl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl1.0 | Not in release | Not in release | Not in release | Fixed |
| nodejs | Not affected | Vulnerable | Not affected | Not affected |
| edk2 | Vulnerable | Vulnerable | Vulnerable | Needs evaluation |
| openssl | Fixed | Fixed | Fixed | Fixed |