Search CVE reports
71 – 80 of 176 results
CVE-2022-3996
Low prioritySome fixes available 5 of 6
If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
nodejs | Not affected | Not affected | Not affected | Not affected | Not affected |
openssl | Fixed | Fixed | Not affected | Not affected | Not affected |
openssl1.0 | — | Not in release | Not in release | Not affected | Not in release |
CVE-2022-43548
Medium prioritySome fixes available 3 of 4
A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an...
1 affected packages
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nodejs | — | Fixed | Fixed | Fixed | Not affected |
CVE-2022-35256
Medium prioritySome fixes available 1 of 2
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
1 affected packages
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nodejs | — | Fixed | Not affected | Not affected | Not affected |
CVE-2022-35255
Medium priorityA weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check...
1 affected packages
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nodejs | — | Not affected | Not affected | Not affected | Not affected |
CVE-2022-40735
Medium prioritySome fixes available 1 of 6
The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that "(appropriately) short exponents"...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Not affected | Not affected | Not affected | Not affected |
nodejs | Not affected | Vulnerable | Not affected | Not affected | Not affected |
openssl | Not affected | Fixed | Not affected | Not affected | Not affected |
openssl1.0 | Not in release | Not in release | Not in release | Not affected | Not in release |
CVE-2022-3786
High prioritySome fixes available 5 of 6
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
nodejs | Not affected | Not affected | Not affected | Not affected | Not affected |
openssl | Fixed | Fixed | Not affected | Not affected | Not affected |
openssl1.0 | — | Not in release | Not in release | Not affected | Not in release |
CVE-2022-3602
High prioritySome fixes available 5 of 6
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
nodejs | Not affected | Not affected | Not affected | Not affected | Not affected |
openssl | Fixed | Fixed | Not affected | Not affected | Not affected |
openssl1.0 | — | Not in release | Not in release | Not affected | Not in release |
CVE-2022-3358
Low prioritySome fixes available 5 of 6
OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
nodejs | Not affected | Not affected | Not affected | Not affected | Not affected |
openssl | Fixed | Fixed | Not affected | Not affected | Not affected |
openssl1.0 | — | Not in release | Not in release | Not affected | Not in release |
CVE-2022-32223
Medium priorityNode.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been...
1 affected packages
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nodejs | — | Not affected | Not affected | Not affected | Not affected |
CVE-2022-32222
Medium priorityA cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl...
1 affected packages
nodejs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nodejs | — | Not affected | Not affected | Not affected | Not affected |