Search CVE reports
101 – 110 of 176 results
CVE-2021-22930
Low priorityNode.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
1 affected packages
nodejs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nodejs | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-3712
Medium prioritySome fixes available 14 of 18
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | Not affected | Needs evaluation | Fixed | Needs evaluation | Needs evaluation |
| nodejs | Not affected | Not affected | Not affected | Not affected | Not affected |
| openssl | Fixed | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | Not in release | Fixed | Not in release |
CVE-2021-3711
High priorityIn order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and,...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| nodejs | Not affected | Not affected | Not affected | Not affected | Not affected |
| openssl | Fixed | Fixed | Fixed | Fixed | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected | Not in release |
CVE-2021-22940
Low priorityNode.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
1 affected packages
nodejs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nodejs | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-22939
Low priorityIf the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.
1 affected packages
nodejs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nodejs | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-22931
Medium priorityNode.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to...
1 affected packages
nodejs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nodejs | — | Not affected | Not affected | Not affected | Not affected |
CVE-2021-22921
Medium priorityNode.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory...
1 affected packages
nodejs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nodejs | — | Not affected | Not affected | Not affected | Not affected |
CVE-2021-3450
High priorityThe X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | — | — | Not affected | Not affected | Not affected |
| nodejs | — | — | Not affected | Not affected | Not affected |
| openssl | — | — | Not affected | Not affected | Not affected |
| openssl1.0 | — | — | Not in release | Not affected | Not in release |
CVE-2021-3449
High prioritySome fixes available 14 of 15
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial...
10 affected packages
edk2, nodejs, openssl, openssl1.0, postgresql-10...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| nodejs | Not affected | Not affected | Not affected | Not affected | Not affected |
| openssl | Fixed | Fixed | Fixed | Fixed | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected | Not in release |
| postgresql-10 | Not in release | Not in release | Not in release | Fixed | Not in release |
| postgresql-12 | Not in release | Not in release | Fixed | Not in release | Not in release |
| postgresql-13 | Not in release | Not in release | Not in release | Not in release | Not in release |
| postgresql-9.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
| postgresql-9.3 | Not in release | Not in release | Not in release | Not in release | Not in release |
| postgresql-9.5 | Not in release | Not in release | Not in release | Not in release | Not affected |
CVE-2021-22884
Medium prioritySome fixes available 2 of 6
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved...
1 affected packages
nodejs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nodejs | — | Not affected | Fixed | Fixed | Not affected |