Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Netapp Subscribe
Filtered by product Nextgen Api
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-22939 5 Debian, Netapp, Nodejs and 2 more 8 Debian Linux, Nextgen Api, Node.js and 5 more 2022-11-07 5.0 MEDIUM 5.3 MEDIUM
If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.
CVE-2021-22940 5 Debian, Netapp, Nodejs and 2 more 7 Debian Linux, Nextgen Api, Node.js and 4 more 2022-11-03 5.0 MEDIUM 7.5 HIGH
Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
CVE-2021-22930 4 Debian, Netapp, Nodejs and 1 more 4 Debian Linux, Nextgen Api, Node.js and 1 more 2022-11-03 7.5 HIGH 9.8 CRITICAL
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
CVE-2021-22931 4 Netapp, Nodejs, Oracle and 1 more 10 Active Iq Unified Manager, Nextgen Api, Oncommand Insight and 7 more 2022-08-12 7.5 HIGH 9.8 CRITICAL
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.