Product:

Linux_enterprise

(Suse)
Repositories https://github.com/nodejs/node
#Vulnerabilities 97
Date Id Summary Products Score Patch Annotated
2009-02-22 CVE-2009-0040 The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. Iphone_os, Mac_os_x, Debian_linux, Fedora, Libpng, Opensuse, Linux_enterprise, Linux_enterprise_desktop, Linux_enterprise_server N/A
2008-11-13 CVE-2008-4989 The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). Ubuntu_linux, Debian_linux, Fedora, Gnutls, Opensuse, Linux_enterprise, Linux_enterprise_server 5.9
2009-06-09 CVE-2009-0949 The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. Cups, Mac_os_x, Mac_os_x_server, Ubuntu_linux, Debian_linux, Opensuse, Linux_enterprise 7.5
2010-05-07 CVE-2010-1866 The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder. Opensuse, Php, Linux_enterprise 9.8
2009-03-02 CVE-2009-0749 Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is accessed. Opensuse, Optipng, Linux_enterprise 7.8
2009-08-11 CVE-2009-2416 Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. Iphone_os, Mac_os_x, Mac_os_x_server, Safari, Ubuntu_linux, Debian_linux, Fedora, Chrome, Opensuse, Enterprise_linux, Openoffice\.org, Linux_enterprise, Linux_enterprise_server, Esx, Esxi, Vcenter_server, Vma, Libxml, Libxml2 6.5
2010-04-07 CVE-2010-0629 Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number. Ubuntu_linux, Fedora, Kerberos_5, Opensuse, Linux_enterprise 6.5
2010-11-05 CVE-2010-2941 ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. Cups, Mac_os_x, Mac_os_x_server, Ubuntu_linux, Debian_linux, Fedora, Opensuse, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Linux_enterprise, Linux_enterprise_server 9.8
2010-01-09 CVE-2010-0013 Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of... Adium, Fedora, Opensuse, Pidgin, Enterprise_linux, Linux_enterprise, Linux_enterprise_server 7.5
2015-04-19 CVE-2015-1241 Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack. Ubuntu_linux, Debian_linux, Chrome, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation, Linux_enterprise N/A