Shodan
Vulnerabilities
Vulnerable Software
Nodejs:  Security Vulnerabilities
CVE-2017-14919
Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.
CVSS Score
7.5
EPSS Score
0.01
Published
2017-10-30
CVE-2014-3744
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.
CVSS Score
7.5
EPSS Score
0.552
Published
2017-10-23
CVE-2015-7384
Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.
CVSS Score
7.5
EPSS Score
0.009
Published
2017-10-10
CVE-2017-14849
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.
CVSS Score
7.5
EPSS Score
0.902
Published
2017-09-28
CVE-2015-2927
node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption).
CVSS Score
6.5
EPSS Score
0.013
Published
2017-09-20
CVE-2017-11499
Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup.
CVSS Score
7.5
EPSS Score
0.006
Published
2017-07-25
CVE-2017-1000381
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
CVSS Score
7.5
EPSS Score
0.004
Published
2017-07-07
CVE-2016-9840
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVSS Score
8.8
EPSS Score
0.055
Published
2017-05-23
CVE-2016-9841
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVSS Score
9.8
EPSS Score
0.119
Published
2017-05-23
CVE-2016-9842
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
CVSS Score
8.8
EPSS Score
0.063
Published
2017-05-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved