Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Linux_enterprise
(Suse)| Repositories | https://github.com/nodejs/node |
| #Vulnerabilities | 97 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2009-09-17 | CVE-2009-3231 | The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password. | Ubuntu_linux, Fedora, Opensuse, Postgresql, Linux_enterprise, Linux_enterprise_server | N/A | ||
| 2009-02-22 | CVE-2009-0040 | The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. | Iphone_os, Mac_os_x, Debian_linux, Fedora, Libpng, Opensuse, Linux_enterprise, Linux_enterprise_desktop, Linux_enterprise_server | N/A | ||
| 2008-11-13 | CVE-2008-4989 | The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). | Ubuntu_linux, Debian_linux, Fedora, Gnutls, Opensuse, Linux_enterprise, Linux_enterprise_server | 5.9 | ||
| 2009-06-09 | CVE-2009-0949 | The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. | Cups, Mac_os_x, Mac_os_x_server, Ubuntu_linux, Debian_linux, Opensuse, Linux_enterprise | 7.5 | ||
| 2010-05-07 | CVE-2010-1866 | The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder. | Opensuse, Php, Linux_enterprise | 9.8 | ||
| 2009-03-02 | CVE-2009-0749 | Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is accessed. | Opensuse, Optipng, Linux_enterprise | 7.8 | ||
| 2009-08-11 | CVE-2009-2416 | Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | Iphone_os, Mac_os_x, Mac_os_x_server, Safari, Ubuntu_linux, Debian_linux, Fedora, Chrome, Opensuse, Enterprise_linux, Openoffice\.org, Linux_enterprise, Linux_enterprise_server, Esx, Esxi, Vcenter_server, Vma, Libxml, Libxml2 | 6.5 | ||
| 2010-04-07 | CVE-2010-0629 | Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number. | Ubuntu_linux, Fedora, Kerberos_5, Opensuse, Linux_enterprise | 6.5 | ||
| 2010-11-05 | CVE-2010-2941 | ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. | Cups, Mac_os_x, Mac_os_x_server, Ubuntu_linux, Debian_linux, Fedora, Opensuse, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Linux_enterprise, Linux_enterprise_server | 9.8 | ||
| 2010-01-09 | CVE-2010-0013 | Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of... | Adium, Fedora, Opensuse, Pidgin, Enterprise_linux, Linux_enterprise, Linux_enterprise_server | 7.5 |