Note:
This project will be discontinued after December 13, 2021.
Product:
Linux_enterprise (Suse)
Repositories | https://github.com/nodejs/node |
#Vulnerabilities | 97 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-12-25 | CVE-2021-4166 | vim is vulnerable to Out-of-bounds Read | Mac_os_x, Macos, Debian_linux, Fedora, Factory, Enterprise_linux, Linux_enterprise, Vim | 7.1 | ||
2013-11-18 | CVE-2013-4480 | Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts. | Network_satellite, Satellite, Satellite_with_embedded_oracle, Linux_enterprise, Manager | N/A | ||
2022-08-24 | CVE-2021-4028 | A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to set up a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system. | Linux_kernel, Linux_enterprise | 7.8 | ||
2010-12-06 | CVE-2010-4180 | OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. | Ubuntu_linux, Debian_linux, Nginx, Fedora, Openssl, Opensuse, Linux_enterprise, Linux_enterprise_desktop, Linux_enterprise_server | N/A | ||
2020-06-15 | CVE-2020-14147 | An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression. | Debian_linux, Communications_operations_monitor, Redis, Linux_enterprise | 7.7 | ||
2018-07-23 | CVE-2018-14523 | An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes. | Aubio, Leap, Linux_enterprise | 8.8 | ||
2018-07-23 | CVE-2018-14522 | An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes. | Aubio, Leap, Linux_enterprise | 8.8 | ||
2016-10-10 | CVE-2016-7099 | The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. | Node.js, Linux_enterprise | 5.9 | ||
2016-10-10 | CVE-2016-5325 | CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument. | Node.js, Linux_enterprise | 6.1 | ||
2016-04-30 | CVE-2016-2806 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | Debian_linux, Firefox, Leap, Opensuse, Linux_enterprise | 8.8 |