Product:

Linux_enterprise

(Suse)
Repositories https://github.com/nodejs/node
#Vulnerabilities 70
Date ID Summary Products Score Patch
2018-07-23 CVE-2018-14523 An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes. Aubio, Leap, Linux_enterprise 8.8
2018-07-23 CVE-2018-14522 An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes. Aubio, Leap, Linux_enterprise 8.8
2017-04-12 CVE-2016-9959 game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. Game\-Music\-Emu, Leap, Opensuse, Leap, Linux_enterprise, Linux_enterprise_desktop, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Suse_linux_enterprise_server 7.8
2017-04-12 CVE-2016-9958 game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations. Game\-Music\-Emu, Leap, Opensuse, Leap, Linux_enterprise, Linux_enterprise_desktop, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Suse_linux_enterprise_server 7.8
2017-04-12 CVE-2016-9957 Stack-based buffer overflow in game-music-emu before 0.6.1. Game\-Music\-Emu, Leap, Opensuse, Leap, Linux_enterprise, Linux_enterprise_desktop, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Suse_linux_enterprise_server 7.8
2017-02-03 CVE-2016-8569 The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. Fedora, Libgit2, Leap, Opensuse, Linux_enterprise 5.5
2017-02-03 CVE-2016-8568 The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. Fedora, Libgit2, Leap, Opensuse, Linux_enterprise 5.5
2016-12-23 CVE-2016-7966 Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content. Debian_linux, Fedora, Kmail, Linux_enterprise 7.3
2016-10-10 CVE-2016-7099 The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. Node\.js, Linux_enterprise 5.9
2016-10-10 CVE-2016-5325 CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument. Node\.js, Linux_enterprise 6.1