nodejs16 (SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS package nodejs16, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2024-27983 — CVSS 8.2 (high): An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2…
CVE-2024-22019 — CVSS 7.5 (high): A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to…
CVE-2023-46809 — CVSS 7.4 (high): Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched…
CVE-2024-24806 — CVSS 7.3 (high): libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and…
CVE-2024-22025 — CVSS 6.5 (medium): A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the…
CVE-2024-27982 — CVSS 6.5 (medium): The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to…
CVE-2024-24758 — CVSS 3.9 (low): Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but…