Linux_enterprise - Vulncode-DB

Product:
Linux_enterprise
(Suse)

Repositories	https://github.com/nodejs/node
#Vulnerabilities	70

Date	ID	Summary	Products	Score	Patch
2018-07-23	CVE-2018-14523	An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.	Aubio, Leap, Linux_enterprise	8.8
2018-07-23	CVE-2018-14522	An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.	Aubio, Leap, Linux_enterprise	8.8
2017-04-12	CVE-2016-9959	game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.	Game\-Music\-Emu, Leap, Opensuse, Leap, Linux_enterprise, Linux_enterprise_desktop, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Suse_linux_enterprise_server	7.8
2017-04-12	CVE-2016-9958	game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.	Game\-Music\-Emu, Leap, Opensuse, Leap, Linux_enterprise, Linux_enterprise_desktop, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Suse_linux_enterprise_server	7.8
2017-04-12	CVE-2016-9957	Stack-based buffer overflow in game-music-emu before 0.6.1.	Game\-Music\-Emu, Leap, Opensuse, Leap, Linux_enterprise, Linux_enterprise_desktop, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Suse_linux_enterprise_server	7.8
2017-02-03	CVE-2016-8569	The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.	Fedora, Libgit2, Leap, Opensuse, Linux_enterprise	5.5
2017-02-03	CVE-2016-8568	The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.	Fedora, Libgit2, Leap, Opensuse, Linux_enterprise	5.5
2016-12-23	CVE-2016-7966	Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content.	Debian_linux, Fedora, Kmail, Linux_enterprise	7.3
2016-10-10	CVE-2016-7099	The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.	Node\.js, Linux_enterprise	5.9
2016-10-10	CVE-2016-5325	CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument.	Node\.js, Linux_enterprise	6.1