Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Linux_enterprise
(Suse)| Repositories | https://github.com/nodejs/node |
| #Vulnerabilities | 97 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2010-12-06 | CVE-2010-4180 | OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. | Ubuntu_linux, Debian_linux, Nginx, Fedora, Openssl, Opensuse, Linux_enterprise, Linux_enterprise_desktop, Linux_enterprise_server | N/A | ||
| 2020-06-15 | CVE-2020-14147 | An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression. | Debian_linux, Communications_operations_monitor, Redis, Linux_enterprise | 7.7 | ||
| 2018-07-23 | CVE-2018-14523 | An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes. | Aubio, Leap, Linux_enterprise | 8.8 | ||
| 2018-07-23 | CVE-2018-14522 | An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes. | Aubio, Leap, Linux_enterprise | 8.8 | ||
| 2016-10-10 | CVE-2016-7099 | The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. | Node\.js, Linux_enterprise | 5.9 | ||
| 2016-10-10 | CVE-2016-5325 | CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument. | Node\.js, Linux_enterprise | 6.1 | ||
| 2016-04-30 | CVE-2016-2806 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | Debian_linux, Firefox, Leap, Opensuse, Linux_enterprise | 8.8 |