Search CVE reports
51 – 60 of 186 results
CVE-2023-44487
High priority
Some fixes available 29 of 42
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
13 affected packages
dotnet6, dotnet7, dotnet8, h2o, haproxy...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
dotnet6 | Not in release | Fixed | Not in release | Not in release |
dotnet7 | Not in release | Fixed | Not in release | Not in release |
dotnet8 | Fixed | Not affected | Not in release | Not in release |
h2o | Not affected | Not affected | Not affected | Fixed |
haproxy | Not affected | Not affected | Not affected | Fixed |
netty | Not affected | Fixed | Fixed | Not affected |
nghttp2 | Not affected | Fixed | Fixed | Fixed |
nginx | Not affected | Not affected | Not affected | Not affected |
nodejs | Not affected | Fixed | Fixed | Fixed |
tomcat10 | Not affected | Not in release | Not in release | Ignored |
tomcat8 | Not in release | Not in release | Not in release | Fixed |
tomcat9 | Not affected | Fixed | Fixed | Fixed |
trafficserver | Not affected | Fixed | Fixed | Not affected |
CVE-2023-32558
Medium priority
The use of the deprecated API `process.binding()` can bypass the permission model through path traversal. This vulnerability affects all users using the experimental permission model in Node.js 20.x. Please note that at the time...
1 affected package
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
nodejs | Not affected | Not affected | Not affected | Not affected |
CVE-2023-32005
Medium priority
A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the `--allow-fs-read` flag is used with a non-* argument. This flaw arises from an inadequate permission model that...
1 affected package
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
nodejs | Not affected | Not affected | Not affected | Not affected |
CVE-2023-4807
Medium priority
Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
edk2 | Not affected | Not affected | Not affected | Not affected |
nodejs | Not affected | Not affected | Not affected | Not affected |
openssl | Not affected | Not affected | Not affected | Not affected |
openssl1.0 | Not in release | Not in release | Not in release | Not affected |
CVE-2023-32559
Medium priority
Some fixes available 2 of 3
A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring...
1 affected package
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
nodejs | Not affected | Fixed | Not affected | Not affected |
CVE-2023-32002
Medium priority
Some fixes available 2 of 3
The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active...
1 affected package
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
nodejs | Not affected | Fixed | Not affected | Not affected |
CVE-2023-32006
Medium priority
Some fixes available 2 of 3
The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy...
1 affected package
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
nodejs | Not affected | Fixed | Not affected | Not affected |
CVE-2023-32004
Medium priority
A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when...
1 affected package
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
nodejs | — | Not affected | Not affected | Not affected |
CVE-2023-32003
Medium priority
`fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the `fs.mkdtemp()` API and the impact is a malicious actor could create...
1 affected package
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
nodejs | Not affected | Not affected | Not affected | Not affected |
CVE-2023-3817
Low priority
Some fixes available 6 of 18
Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
edk2 | Vulnerable | Vulnerable | Vulnerable | Needs evaluation |
nodejs | Not affected | Vulnerable | Not affected | Needs evaluation |
openssl | Not affected | Fixed | Fixed | Fixed |
openssl1.0 | Not in release | Not in release | Not in release | Fixed |