Search CVE reports


Toggle filters

1 – 10 of 183 results


CVE-2024-12797

High priority
Fixed

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected Not affected
nodejs Not affected Not affected Not affected Not affected Not affected
openssl Not affected Not affected Not affected Not affected Not affected
openssl1.0 Not in release Not in release Not in release Not affected
Show less packages

CVE-2025-23085

Medium priority
Needs evaluation

A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the...

1 affected package

nodejs

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nodejs Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2025-23084

Medium priority
Needs evaluation

A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js...

1 affected package

nodejs

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nodejs Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2025-23090

Medium priority
Needs evaluation

With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched,...

1 affected package

nodejs

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nodejs Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2025-23083

Medium priority
Needs evaluation

With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and...

1 affected package

nodejs

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nodejs Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-13176

Low priority

Some fixes available 1 of 16

Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
nodejs Not affected Vulnerable Not affected Needs evaluation Needs evaluation
openssl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openssl1.0 Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2024-37372

Medium priority
Needs evaluation

The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.

1 affected package

nodejs

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nodejs Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-27980

Medium priority
Not affected

Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.

1 affected package

nodejs

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nodejs Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-9143

Low priority

Some fixes available 1 of 17

Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
nodejs Not affected Vulnerable Not affected Needs evaluation Needs evaluation
openssl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openssl1.0 Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2024-36138

Medium priority
Needs evaluation

Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject...

1 affected package

nodejs

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nodejs Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages