Nodejs Node.js 4.4.0 Release Candidate 2

CPE Details

Nodejs Node.js 4.4.0 Release Candidate 2
nodejs
node.js
4.4.0
2019-02-11
15h39 +00:00
2020-02-10
16h54 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:nodejs:node.js:4.4.0:rc2:*:*:*:*:*:*

Informations

Vendor

nodejs

Product

node.js

Version

4.4.0

Update

rc2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2018-5407 2018-11-15 20h00 +00:00 Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
4.7
Medium
CVE-2018-12115 2018-08-21 13h00 +00:00 In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.
7.5
High
CVE-2017-11499 2017-07-25 11h00 +00:00 Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup.
7.5
High
CVE-2016-5325 2016-10-10 14h00 +00:00 CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument.
6.1
Medium
CVE-2016-7099 2016-10-10 14h00 +00:00 The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
5.9
Medium
CVE-2016-5180 2016-10-03 13h00 +00:00 Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
9.8
Critical
CVE-2016-6303 2016-09-15 22h00 +00:00 Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
9.8
Critical
CVE-2016-3956 2016-07-02 12h00 +00:00 The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.
7.5
High